Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]io_uring/net: commit partial buffers on retry[EOL][EOL]Ring provided buffers are potentially only valid within the single[EOL]execution context in which they were acquired. io_uring deals with this[EOL]and invalidates them on retry. But on the networking side, if[EOL]MSG_WAITALL is set, or if the socket is of the streaming type and too[EOL]little was processed, then it will hang on to the buffer rather than[EOL]recycle or commit it. This is problematic for two reasons:[EOL][EOL]1) If someone unregisters the provided buffer ring before a later retry,[EOL] then the req->buf_list will no longer be valid.[EOL][EOL]2) If multiple sockers are using the same buffer group, then multiple[EOL] receives can consume the same memory. This can cause data corruption[EOL] in the application, as either receive could land in the same[EOL] userspace buffer.[EOL][EOL]Fix this by disallowing partial retries from pinning a provided buffer[EOL]across multiple executions, if ring provided buffers are used.
CREATE(Triage):(User=admin) [CVE-2025-38730 (https://nvd.nist.gov/vuln/detail/CVE-2025-38730)
