{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling",
    "id" : "2393191",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2393191"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-825",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nio_uring/net: commit partial buffers on retry\nRing provided buffers are potentially only valid within the single\nexecution context in which they were acquired. io_uring deals with this\nand invalidates them on retry. But on the networking side, if\nMSG_WAITALL is set, or if the socket is of the streaming type and too\nlittle was processed, then it will hang on to the buffer rather than\nrecycle or commit it. This is problematic for two reasons:\n1) If someone unregisters the provided buffer ring before a later retry,\nthen the req->buf_list will no longer be valid.\n2) If multiple sockers are using the same buffer group, then multiple\nreceives can consume the same memory. This can cause data corruption\nin the application, as either receive could land in the same\nuserspace buffer.\nFix this by disallowing partial retries from pinning a provided buffer\nacross multiple executions, if ring provided buffers are used.", "A flaw was found in the Linux kernel's io_uring/net component. This vulnerability arises when ring provided buffers are partially committed during network operations, particularly when MSG_WAITALL is enabled or with streaming sockets. A local attacker could exploit this by causing multiple socket receives to access the same memory, leading to data corruption within applications. This could also result in system instability if buffer rings are unregistered before a retry operation completes." ],
  "statement" : "This Moderate impact flaw in the Linux kernel's io_uring/net component affects Red Hat Enterprise Linux 9 and 10. A local attacker with a special group privilege may impact to a denial of service or a leak of kernel internal information through the shared ring buffer between user space and the kernel space processes.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2282",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.35.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-02-24T00:00:00Z",
    "advisory" : "RHSA-2026:3124",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "kernel-0:6.12.0-55.61.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2212",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.30.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2212",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.30.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2766",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.111.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-02-16T00:00:00Z",
    "advisory" : "RHSA-2026:2759",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.89.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38730\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38730\nhttps://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38730-f2e6@gregkh/T" ],
  "name" : "CVE-2025-38730",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}