{"id":"CVE-2025-39822","summary":"io_uring/kbuf: fix signedness in this_len calculation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: fix signedness in this_len calculation\n\nWhen importing and using buffers, buf-\u003elen is considered unsigned.\nHowever, buf-\u003elen is converted to signed int when committing. This can\nlead to unexpected behavior if the buffer is large enough to be\ninterpreted as a negative value. Make min_t calculation unsigned.","modified":"2026-04-02T12:48:10.403175Z","published":"2025-09-16T13:00:21.533Z","related":["CGA-wqhh-g5qh-q2wx","SUSE-SU-2025:4393-1","SUSE-SU-2025:4516-1","SUSE-SU-2025:4517-1","SUSE-SU-2026:20012-1","SUSE-SU-2026:20015-1","SUSE-SU-2026:20021-1","openSUSE-SU-2025:20172-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39822.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/c64eff368ac676e8540344d27a3de47e0ad90d21"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f4f411c068402c370c4f9a9d4950a97af97bbbb1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39822.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39822"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cf9536e550dd243a1681fdbf804221527da20a80"},{"fixed":"f4f411c068402c370c4f9a9d4950a97af97bbbb1"},{"fixed":"c64eff368ac676e8540344d27a3de47e0ad90d21"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39822.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}