CVE-2025-39816

EPSS 0.02%
Veröffentlicht 16.09.2025 13:00:17
Zuletzt bearbeitet 11.04.2026 13:16:35
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths

In the Linux kernel, the following vulnerability has been resolved:

io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths

Since the buffers are mapped from userspace, it is prudent to use
READ_ONCE() to read the value into a local variable, and use that for
any other actions taken. Having a stable read of the buffer length
avoids worrying about it changing after checking, or being read multiple
times.

Similarly, the buffer may well change in between it being picked and
being committed. Ensure the looping for incremental ring buffer commit
stops if it hits a zero sized buffer, as no further progress can be made
at that point.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

NVD 5 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.12 < 6.12.49

Linux ≫ Linux Kernel Version >= 6.13 < 6.16.5

Linux ≫ Linux Kernel Version6.17 Updaterc1

Linux ≫ Linux Kernel Version6.17 Updaterc2

Linux ≫ Linux Kernel Version6.17 Updaterc3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.043

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/390a61d284e1ced088d43928dfcf6f86fffdd780

Patch

https://git.kernel.org/stable/c/98b6fa62c84f2e129161e976a5b9b3cb4ccd117b

Patch

https://git.kernel.org/stable/c/695673eb5711ee5eb1769481cf1503714716a7d1

Patch

https://git.kernel.org/stable/c/91f262ea2a76a02d9e37dba6637cfe6feebb20a8

https://nvd.nist.gov/vuln/detail/CVE-2025-39816

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39816

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39816

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-39816