CVE-2025-38453 io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU

🗓️ 25 Jul 2025 15:27:33Reported by GoogleType

osv

osv🔗 osv.dev👁 4 Views

CVE-2025-38453 fixes io_uring/msg_ring vulnerability in Linux kernel to defer io_kiocb freeing.

Reporter	Title	Published	Views	Family All 143
Tenable Nessus	Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1208)	30 Sep 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : kernel (ALSA-2026:1690)	5 Feb 202600:00	–	nessus
Tenable Nessus	Debian dsa-6008 : ata-modules-6.12.31-armmp-di - security update	22 Sep 202500:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025-20081-1)	2 Dec 202500:00	–	nessus
Tenable Nessus	Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-25754)	10 Nov 202500:00	–	nessus
Tenable Nessus	Oracle Linux 10 : kernel (ELSA-2026-1690)	3 Feb 202600:00	–	nessus
Tenable Nessus	RHEL 10 : kernel (RHSA-2026:1690)	2 Feb 202600:00	–	nessus
Tenable Nessus	RHEL 10 : kernel (RHSA-2026:1727)	2 Feb 202600:00	–	nessus
Tenable Nessus	RockyLinux 10 : kernel (RLSA-2026:1690)	8 Feb 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02853-1)	19 Aug 202500:00	–	nessus

Source	Link
git	www.git.kernel.org/stable/c/094ba14a471cc6c68078c7ad488539eaf32c2277
git	www.git.kernel.org/stable/c/e5b3432f4a6b418b8bd8fc91f38efbf17a77167a
git	www.git.kernel.org/stable/c/fc582cd26e888b0652bc1494f252329453fd3b23
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38453.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-38453
git	www.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

02 Apr 2026 12:47Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.5

EPSS0.0014

cve-2025-38453 linux kernel io_uring vulnerability msg_ring rcu freeing