Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-08T00:00:00 kernel: io_uring/kbuf: check if target buffer list is still legacy on recycle 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-367

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: check if target buffer list is still legacy on recycle There's a gap between when the buffer was grabbed and when it potentially gets recycled, where if the list is empty, someone could've upgraded it to a ring provided type. This can happen if the request is forced via io-wq. The legacy recycling is missing checking if the buffer_list still exists, and if it's of the correct type. Add those checks.

A flaw was found in the Linux kernel. A vulnerability exists in the io_uring/kbuf component related to buffer recycling. There is a time gap where a buffer list, if empty, could be incorrectly upgraded to a ring-provided type. The legacy recycling mechanism fails to properly check the buffer list's existence and type, which could lead to system instability or unexpected behavior.

Red Hat acknowledges the upstream Linux kernel correction for «io_uring/kbuf» as described in COMMENT_ZERO. Fixes are delivered through standard kernel errata for supported products. Operational exposure depends on whether this subsystem or driver is active in your configuration. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43366 https://nvd.nist.gov/vuln/detail/CVE-2026-43366 https://lore.kernel.org/linux-cve-announce/2026050828-CVE-2026-43366-94ff@gregkh/T