CVE-2025-10823

CVE-2025-10823

Name

CVE-2025-10823

Description

A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
issue-tracking	https://github.com/axboe/fio/issues/1982
exploit	https://github.com/user-attachments/files/22266964/poc.zip
signature	https://vuldb.com/?ctiid.325180
vdb-entry	https://vuldb.com/?id.325180
third-party-advisory	https://vuldb.com/?submit.654069

Type

URI

issue-tracking

https://github.com/axboe/fio/issues/1982

exploit

https://github.com/user-attachments/files/22266964/poc.zip

signature

https://vuldb.com/?ctiid.325180

vdb-entry

https://vuldb.com/?id.325180

third-party-advisory

https://vuldb.com/?submit.654069

Match rules

Source package	Min version	Max version
fio	== 3.0	== 3.0
fio	== 3.1	== 3.1
fio	== 3.2	== 3.2
fio	== 3.3	== 3.3
fio	== 3.4	== 3.4
fio	== 3.5	== 3.5
fio	== 3.6	== 3.6
fio	== 3.7	== 3.7
fio	== 3.8	== 3.8
fio	== 3.9	== 3.9
fio	== 3.10	== 3.10
fio	== 3.11	== 3.11
fio	== 3.12	== 3.12
fio	== 3.13	== 3.13
fio	== 3.14	== 3.14
fio	== 3.15	== 3.15
fio	== 3.16	== 3.16
fio	== 3.17	== 3.17
fio	== 3.18	== 3.18
fio	== 3.19	== 3.19
fio	== 3.20	== 3.20
fio	== 3.21	== 3.21
fio	== 3.22	== 3.22
fio	== 3.23	== 3.23
fio	== 3.24	== 3.24
fio	== 3.25	== 3.25
fio	== 3.26	== 3.26
fio	== 3.27	== 3.27
fio	== 3.28	== 3.28
fio	== 3.29	== 3.29
fio	== 3.30	== 3.30
fio	== 3.31	== 3.31
fio	== 3.32	== 3.32
fio	== 3.33	== 3.33
fio	== 3.34	== 3.34
fio	== 3.35	== 3.35
fio	== 3.36	== 3.36
fio	== 3.37	== 3.37
fio	== 3.38	== 3.38
fio	== 3.39	== 3.39
fio	== 3.40	== 3.40
fio	== 3.41	== 3.41

CPE URI

Source package

Min version

Max version

fio

== 3.0

fio

== 3.1

fio

== 3.2

fio

== 3.3

fio

== 3.4

fio

== 3.5

fio

== 3.6

fio

== 3.7

fio

== 3.8

fio

== 3.9

fio

== 3.10

fio

== 3.11

fio

== 3.12

fio

== 3.13

fio

== 3.14

fio

== 3.15

fio

== 3.16

fio

== 3.17

fio

== 3.18

fio

== 3.19

fio

== 3.20

fio

== 3.21

fio

== 3.22

fio

== 3.23

fio

== 3.24

fio

== 3.25

fio

== 3.26

fio

== 3.27

fio

== 3.28

fio

== 3.29

fio

== 3.30

fio

== 3.31

fio

== 3.32

fio

== 3.33

fio

== 3.34

fio

== 3.35

fio

== 3.36

fio

== 3.37

fio

== 3.38

fio

== 3.39

fio

== 3.40

fio

== 3.41

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
fio	edge-community	3.41-r0	wener <wenermail@gmail.com>	possibly vulnerable
fio	edge-community	3.39-r0	wener <wenermail@gmail.com>	possibly vulnerable
fio	edge-community	3.38-r0	wener <wenermail@gmail.com>	possibly vulnerable
fio	3.22-community	3.39-r0	wener <wenermail@gmail.com>	possibly vulnerable
fio	3.22-community	3.38-r0	wener <wenermail@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

fio

edge-community

3.41-r0

wener <wenermail@gmail.com>

possibly vulnerable

fio

edge-community