-

CVE-2025-38375

EPSS 0.04%
Veröffentlicht 25.07.2025 13:15:26
Zuletzt bearbeitet 28.08.2025 15:15:48
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: ensure the received length does not exceed allocated size

In xdp_linearize_page, when reading the following buffers from the ring,
we forget to check the received length with the true allocate size. This
can lead to an out-of-bound read. This commit adds that missing check.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 773e95c268b5d859f51f7547559734fd2a57660c

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

Version < ddc8649d363141fb3371dd81a73e1cb4ef8ed1e1

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

Version < 982beb7582c193544eb9c6083937ec5ac1c9d651

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

Version < 6aca3dad2145e864dfe4d1060f45eb1bac75dd58

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

Version < 80b971be4c37a4d23a7f1abc5ff33dc7733d649b

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

Version < bc68bc3563344ccdc57d1961457cdeecab8f81ef

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

Version < 11f2d0e8be2b5e784ac45fa3da226492c3e506d8

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

Version < 315dbdd7cdf6aa533829774caaf4d25f1fd20e73

Version 4941d472bf95b4345d6e38906fcf354e74afa311

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.14

Status affected

Version < 4.14

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.189

Status unaffected

Version <= 6.1.*

Version 6.1.144

Status unaffected

Version <= 6.6.*

Version 6.6.97

Status unaffected

Version <= 6.12.*

Version 6.12.37

Status unaffected

Version <= 6.15.*

Version 6.15.6

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/11f2d0e8be2b5e784ac45fa3da226492c3e506d8

https://git.kernel.org/stable/c/315dbdd7cdf6aa533829774caaf4d25f1fd20e73

https://git.kernel.org/stable/c/6aca3dad2145e864dfe4d1060f45eb1bac75dd58

https://git.kernel.org/stable/c/80b971be4c37a4d23a7f1abc5ff33dc7733d649b

https://git.kernel.org/stable/c/982beb7582c193544eb9c6083937ec5ac1c9d651

https://git.kernel.org/stable/c/bc68bc3563344ccdc57d1961457cdeecab8f81ef

https://git.kernel.org/stable/c/773e95c268b5d859f51f7547559734fd2a57660c

https://git.kernel.org/stable/c/ddc8649d363141fb3371dd81a73e1cb4ef8ed1e1

https://nvd.nist.gov/vuln/detail/CVE-2025-38375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38375

EUVD