#VU114830 Improper locking in Linux kernel - CVE-2025-38730
Published: September 5, 2025
Vulnerability identifier: #VU114830
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38730
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_bundle_nbufs(), io_sendmsg(), io_net_kbuf_recyle(), io_send_zc() and io_sendmsg_zc() functions in io_uring/net.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/21a4ddb0f5e933f372808c10b9ac704505751bb1
- https://git.kernel.org/stable/c/2eb7937b5fc7fcd90eab7bebb0181214b61b9283
- https://git.kernel.org/stable/c/3b53dc1c641f2884d4750fc25aaf6c36b90db606
- https://git.kernel.org/stable/c/41b70df5b38bc80967d2e0ed55cc3c3896bba781
- https://git.kernel.org/stable/c/fe9da1812f8697a38f7e30991d568ec199e16059