axboe fio options.c str_buffer_pattern_cb null pointer dereference_CVE-2025-10823

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-10823

Source VulDB

Published Sep 22, 2025 at 23:32

Affected Product

Vendor axboe

Product fio

Version 3.0

Affected Versions axboe fio 3.0
axboe fio 3.1
axboe fio 3.2
axboe fio 3.3
axboe fio 3.4
axboe fio 3.5
axboe fio 3.6
axboe fio 3.7
axboe fio 3.8
axboe fio 3.9
axboe fio 3.10
axboe fio 3.11
axboe fio 3.12
axboe fio 3.13
axboe fio 3.14
axboe fio 3.15
axboe fio 3.16
axboe fio 3.17
axboe fio 3.18
axboe fio 3.19
axboe fio 3.20
axboe fio 3.21
axboe fio 3.22
axboe fio 3.23
axboe fio 3.24
axboe fio 3.25
axboe fio 3.26
axboe fio 3.27
axboe fio 3.28
axboe fio 3.29
axboe fio 3.30
axboe fio 3.31
axboe fio 3.32
axboe fio 3.33
axboe fio 3.34
axboe fio 3.35
axboe fio 3.36
axboe fio 3.37
axboe fio 3.38
axboe fio 3.39
axboe fio 3.40
axboe fio 3.41

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used.",
    "published": "2025-09-22T23:32:10.940Z",
    "modified": "2025-09-22T23:32:10.940Z",
    "type": "cve",
    "title": "axboe fio options.c str_buffer_pattern_cb null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325180\nhttps://vuldb.com/?ctiid.325180\nhttps://vuldb.com/?submit.654069\nhttps://github.com/axboe/fio/issues/1982\nhttps://github.com/user-attachments/files/22266964/poc.zip",
    "id": "CVE-2025-10823",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "axboe fio 3.0\naxboe fio 3.1\naxboe fio 3.2\naxboe fio 3.3\naxboe fio 3.4\naxboe fio 3.5\naxboe fio 3.6\naxboe fio 3.7\naxboe fio 3.8\naxboe fio 3.9\naxboe fio 3.10\naxboe fio 3.11\naxboe fio 3.12\naxboe fio 3.13\naxboe fio 3.14\naxboe fio 3.15\naxboe fio 3.16\naxboe fio 3.17\naxboe fio 3.18\naxboe fio 3.19\naxboe fio 3.20\naxboe fio 3.21\naxboe fio 3.22\naxboe fio 3.23\naxboe fio 3.24\naxboe fio 3.25\naxboe fio 3.26\naxboe fio 3.27\naxboe fio 3.28\naxboe fio 3.29\naxboe fio 3.30\naxboe fio 3.31\naxboe fio 3.32\naxboe fio 3.33\naxboe fio 3.34\naxboe fio 3.35\naxboe fio 3.36\naxboe fio 3.37\naxboe fio 3.38\naxboe fio 3.39\naxboe fio 3.40\naxboe fio 3.41",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "fio",
    "version": "3.0",
    "vendor": "axboe",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}