1. Home
  2. Vulnerabilities
  3. CVE-2025-38730
0.0
NA
CVE-2025-38730
io_uring/net: commit partial buffers on retry
Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on retry. But on the networking side, if MSG_WAITALL is set, or if the socket is of the streaming type and too little was processed, then it will hang on to the buffer rather than recycle or commit it. This is problematic for two reasons: 1) If someone unregisters the provided buffer ring before a later retry, then the req->buf_list will no longer be valid. 2) If multiple sockers are using the same buffer group, then multiple receives can consume the same memory. This can cause data corruption in the application, as either receive could land in the same userspace buffer. Fix this by disallowing partial retries from pinning a provided buffer across multiple executions, if ring provided buffers are used.

INFO

Published Date :

Sept. 4, 2025, 4:15 p.m.

Last Modified :

Sept. 5, 2025, 5:47 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-38730 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Apply kernel updates to prevent partial buffer issues with io_uring and networking.
  • Update the Linux kernel to the latest stable version.
  • Apply the specific patch for io_uring/net buffer handling.
  • Recompile the kernel if necessary.
  • Restart affected systems.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-38730.

URL Resource
https://git.kernel.org/stable/c/21a4ddb0f5e933f372808c10b9ac704505751bb1
https://git.kernel.org/stable/c/2eb7937b5fc7fcd90eab7bebb0181214b61b9283
https://git.kernel.org/stable/c/3b53dc1c641f2884d4750fc25aaf6c36b90db606
https://git.kernel.org/stable/c/41b70df5b38bc80967d2e0ed55cc3c3896bba781
https://git.kernel.org/stable/c/fe9da1812f8697a38f7e30991d568ec199e16059
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-38730 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-38730 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-38730 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-38730 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 04, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on retry. But on the networking side, if MSG_WAITALL is set, or if the socket is of the streaming type and too little was processed, then it will hang on to the buffer rather than recycle or commit it. This is problematic for two reasons: 1) If someone unregisters the provided buffer ring before a later retry, then the req->buf_list will no longer be valid. 2) If multiple sockers are using the same buffer group, then multiple receives can consume the same memory. This can cause data corruption in the application, as either receive could land in the same userspace buffer. Fix this by disallowing partial retries from pinning a provided buffer across multiple executions, if ring provided buffers are used.
    Added Reference https://git.kernel.org/stable/c/21a4ddb0f5e933f372808c10b9ac704505751bb1
    Added Reference https://git.kernel.org/stable/c/2eb7937b5fc7fcd90eab7bebb0181214b61b9283
    Added Reference https://git.kernel.org/stable/c/3b53dc1c641f2884d4750fc25aaf6c36b90db606
    Added Reference https://git.kernel.org/stable/c/41b70df5b38bc80967d2e0ed55cc3c3896bba781
    Added Reference https://git.kernel.org/stable/c/fe9da1812f8697a38f7e30991d568ec199e16059
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.