In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring() usees a struct user_struct, which io_zcrx_ifq_free() puts it down before destroying the ring.

A flaw was found in the Linux kernel's io_uring/zcrx subsystem. This use-after-free (UAF) vulnerability occurs because the `io_free_rbuf_ring()` function uses a `struct user_struct` that is prematurely freed by `io_zcrx_ifq_free()` before the ring is destroyed. A local attacker could potentially exploit this flaw to achieve privilege escalation or execute arbitrary code, leading to a compromise of the system.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-45995 https://nvd.nist.gov/vuln/detail/CVE-2026-45995 https://lore.kernel.org/linux-cve-announce/2026052740-CVE-2026-45995-7e97@gregkh/T