CVE-2025-38375
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38375
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38375.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38375
- Downstream
- Related
- Published
- 2025-07-25T13:15:26Z
- Modified
- 2025-08-28T15:15:48Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: ensure the received length does not exceed allocated size
In xdplinearizepage, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check.
- References
-
- https://git.kernel.org/stable/c/11f2d0e8be2b5e784ac45fa3da226492c3e506d8
- https://git.kernel.org/stable/c/315dbdd7cdf6aa533829774caaf4d25f1fd20e73
- https://git.kernel.org/stable/c/6aca3dad2145e864dfe4d1060f45eb1bac75dd58
- https://git.kernel.org/stable/c/773e95c268b5d859f51f7547559734fd2a57660c
- https://git.kernel.org/stable/c/80b971be4c37a4d23a7f1abc5ff33dc7733d649b
- https://git.kernel.org/stable/c/982beb7582c193544eb9c6083937ec5ac1c9d651
- https://git.kernel.org/stable/c/bc68bc3563344ccdc57d1961457cdeecab8f81ef
- https://git.kernel.org/stable/c/ddc8649d363141fb3371dd81a73e1cb4ef8ed1e1