fkie_cve-2025-38375
Vulnerability from fkie_nvd
Published
2025-07-25 13:15
Modified
2025-07-25 15:29
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/11f2d0e8be2b5e784ac45fa3da226492c3e506d8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/315dbdd7cdf6aa533829774caaf4d25f1fd20e73
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6aca3dad2145e864dfe4d1060f45eb1bac75dd58
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/80b971be4c37a4d23a7f1abc5ff33dc7733d649b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/982beb7582c193544eb9c6083937ec5ac1c9d651
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bc68bc3563344ccdc57d1961457cdeecab8f81ef
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: ensure the received length does not exceed allocated size\n\nIn xdp_linearize_page, when reading the following buffers from the ring,\nwe forget to check the received length with the true allocate size. This\ncan lead to an out-of-bound read. This commit adds that missing check."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-net: garantizar que la longitud recibida no supere el tama\u00f1o asignado. En xdp_linearize_page, al leer los siguientes b\u00faferes del anillo, se olvida verificar la longitud recibida con el tama\u00f1o asignado real. Esto puede provocar una lectura fuera de los l\u00edmites. Este commit a\u00f1ade esta verificaci\u00f3n faltante."
    }
  ],
  "id": "CVE-2025-38375",
  "lastModified": "2025-07-25T15:29:19.837",
  "metrics": {},
  "published": "2025-07-25T13:15:26.517",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/11f2d0e8be2b5e784ac45fa3da226492c3e506d8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/315dbdd7cdf6aa533829774caaf4d25f1fd20e73"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6aca3dad2145e864dfe4d1060f45eb1bac75dd58"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/80b971be4c37a4d23a7f1abc5ff33dc7733d649b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/982beb7582c193544eb9c6083937ec5ac1c9d651"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bc68bc3563344ccdc57d1961457cdeecab8f81ef"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.