CVE-2025-40046

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix overshooting recv limit Its reported that sometimes a zcrx request can receive more than was requested. Its caused by io_zcrx_recv_skb() adjusting desc->count for all received buffers including frag lists, but then doing recursive calls to process frag list skbs, which leads to desc->count double accounting and underflow.