CVE-2025-39816

MEDIUM 5.5

io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

2th

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths Since the buffers are mapped from userspace, it is prudent to use READ_ONCE() to read the value into a local variable, and use that for any other actions taken. Having a stable read of the buffer length avoids worrying about it changing after checking, or being read multiple times. Similarly, the buffer may well change in between it being picked and being committed. Ensure the looping for incremental ring buffer commit stops if it hits a zero sized buffer, as no further progress can be made at that point.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Sep 16, 2025
Last Updated	Apr 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new medium vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

ae98dbf43d755b4e111fcd086e53939bef3e9a1a < 695673eb5711ee5eb1769481cf1503714716a7d1 ae98dbf43d755b4e111fcd086e53939bef3e9a1a < 91f262ea2a76a02d9e37dba6637cfe6feebb20a8 ae98dbf43d755b4e111fcd086e53939bef3e9a1a < 390a61d284e1ced088d43928dfcf6f86fffdd780 ae98dbf43d755b4e111fcd086e53939bef3e9a1a < 98b6fa62c84f2e129161e976a5b9b3cb4ccd117b

Linux / Linux

6.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/695673eb5711ee5eb1769481cf1503714716a7d1 git.kernel.org: https://git.kernel.org/stable/c/91f262ea2a76a02d9e37dba6637cfe6feebb20a8 git.kernel.org: https://git.kernel.org/stable/c/390a61d284e1ced088d43928dfcf6f86fffdd780 git.kernel.org: https://git.kernel.org/stable/c/98b6fa62c84f2e129161e976a5b9b3cb4ccd117b