PT-2025-27971 · Linux+3 · Linux Kernel+3

Published: 2025-07-04 · Updated: 2025-11-18 · CVE-2025-38196

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7-syzkaller-gd7fa1af5b33e
Description: A vulnerability in the Linux kernel's io_uring/rsrc code has been resolved. The issue occurs when the buffer count plus offset for cloning exceeds the maximum allowed limit, triggering a WARN_ON() for a kmalloc() attempt that is too big. The registration code checks only the total count of buffers, not offset + count, so the sum can exceed the IORING_MAX_REG_BUFFERS limit.
Recommendations: For Linux kernel versions prior to 6.15.0-rc7-syzkaller-gd7fa1af5b33e, update to a newer version that includes the fix for the io_uring/rsrc vulnerability. As a temporary workaround, consider restricting the use of io_uring/rsrc to minimize the risk of exploitation. Avoid using the io_clone_buffers function with large buffer counts and offsets until the issue is resolved.
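
The class of check the description refers to, as an added user-space illustration (not kernel code and not taken from the fix): a count-only bound beside a bound on offset + count that also rejects integer wraparound. The function names and the `MODEL_MAX_REG_BUFFERS` value are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>

/* Assumption: stand-in for the kernel's IORING_MAX_REG_BUFFERS limit. */
#define MODEL_MAX_REG_BUFFERS (1U << 14)

/* Weak form: bounds only the count, so the offset is never considered. */
static int check_count_only(unsigned int dst_off, unsigned int nr)
{
    (void)dst_off;
    if (nr == 0 || nr > MODEL_MAX_REG_BUFFERS)
        return -EINVAL;
    return 0;
}

/* Hardened form: bounds offset + count and rejects wraparound first,
 * so the size later passed to an allocator can never exceed the limit. */
static int check_off_plus_count(unsigned int dst_off, unsigned int nr)
{
    unsigned int total;

    if (nr == 0)
        return -EINVAL;
    if (__builtin_add_overflow(dst_off, nr, &total))
        return -EOVERFLOW;
    if (total > MODEL_MAX_REG_BUFFERS)
        return -EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed inputs: {offset, count} pairs around the limit. */
    unsigned int cases[][2] = {
        { 0, MODEL_MAX_REG_BUFFERS },  /* exactly at the limit   */
        { MODEL_MAX_REG_BUFFERS, 1 },  /* count ok, sum too large */
        { 0xFFFFFFFFu, 2 },            /* sum wraps around        */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("off=%u nr=%u count_only=%d off_plus_count=%d\n",
               cases[i][0], cases[i][1],
               check_count_only(cases[i][0], cases[i][1]),
               check_off_plus_count(cases[i][0], cases[i][1]));
    return 0;
}
```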

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2025-13476
CVE-2025-38196
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Ubuntu