EST

PRE-CVEEXPLOITEDPATCHED

null

io_uring zcrx freelist OOB write

56% confidence

Description

A vulnerability exists in io_uring related to zcrx freelist OOB write. The exploit described involves writing a script path to /proc/sys/kernel/modprobe, which directly modifies modprobe_path in kernel memory. This requires CAP_SYS_ADMIN privileges, which can be obtained via CAP_NET_ADMIN in certain container configurations. The potential impact is a container escape.

Affected Products

Vendor	Product	Versions
null	—	—

Related News (3 articles)

Tier C

oss-security3d ago

Re: CVE request: io_uring zcrx freelist OOB write

→ No new info (linked only)

Tier C

oss-security3d ago

Re: CVE request: io_uring zcrx freelist OOB write

→ No new info (linked only)

Tier C

oss-security3d ago

Re: CVE request: io_uring zcrx freelist OOB write

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

003049b1c4fb8aabb93febb7d1e49004f6ad653b

PublishedMay 8, 2026

Last enriched3d agov2

Trending Score23

Source articles3

Independent1

Info Completeness5/14

Missing: cve_id, product, versions, cvss, epss, cwe, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: reported

Confidence: 56%

Vulnerability Timeline

CVE Published

May 8, 2026

Actively Exploited

May 8, 2026

Exploit Available

May 8, 2026

Patch Available

May 8, 2026

Discovered by ZDM

May 8, 2026

Updated: exploitAvailable, activelyExploited, patchAvailable

May 8, 2026

Version History

Last enriched 3d ago

v2Tier C3d ago

Marked exploit as available and actively exploited, and added patch information.

exploitAvailableactivelyExploitedpatchAvailable

via oss-security

v13d ago

Initial creation