What is CVE-2025-40046?

CVE-2025-40046 is a unscored severity Linux kernel vulnerability. CVE-2025-40046 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40046?

CVE-2025-40046 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40046?

No patch is currently available for CVE-2025-40046. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2025-40046 actively exploited?

CVE-2025-40046 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40046

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix overshooting recv limit It's reported that sometimes a zcrx request can receive more than was requested. It's caused by io_zcrx_recv_skb() adjusting desc->count for all received buffers including frag lists, but then doing recursive calls to process frag list skbs, which leads to desc->count double accounting and underflow.

Package Linux Kernel

Published 2025-10-28

Last modified 2026-04-15

Patch available

Awaiting data

References

The following references provide additional information about CVE-2025-40046 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/09cfd3c52ea76f43b3cb15e570aeddf633d65e80
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8bcc9eaf1b19f1a7029cba19f6bd4122b40f6c4f
Patch