CVE-2025-39816

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths<br /> <br /> Since the buffers are mapped from userspace, it is prudent to use<br /> READ_ONCE() to read the value into a local variable, and use that for<br /> any other actions taken. Having a stable read of the buffer length<br /> avoids worrying about it changing after checking, or being read multiple<br /> times.<br /> <br /> Similarly, the buffer may well change in between it being picked and<br /> being committed. Ensure the looping for incremental ring buffer commit<br /> stops if it hits a zero sized buffer, as no further progress can be made<br /> at that point.