DEBIAN-CVE-2025-38413

Source
https://security-tracker.debian.org/tracker/CVE-2025-38413
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38413.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-38413
Upstream
Published
2025-07-25T14:15:33.017Z
Modified
2025-11-14T03:18:31.287293Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: xsk: rx: fix the frame's length check

When calling buf_to_xdp, the len argument is the frame data's length without virtio header's length (vi->hdr_len). We check that len with

    xsk_pool_get_rx_frame_size() + vi->hdr_len

to ensure the provided len is not larger than the allocated chunk size. The additional vi->hdr_len is because in virtnet_add_recvbuf_xsk, we use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost to start placing data from

    hard_start + XDP_PACKET_HEADROOM - vi->hdr_len

not

    hard_start + XDP_PACKET_HEADROOM

But the first buffer has virtio_header, so the maximum frame's length in the first buffer can only be

    xsk_pool_get_rx_frame_size()

not

    xsk_pool_get_rx_frame_size() + vi->hdr_len

like in the current check.

This commit adds an additional argument to buf_to_xdp to differentiate between the first buffer and other ones to correctly calculate the maximum frame's length.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.37-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.37-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}