CVE-2025-38413

EPSS 0.03%
Veröffentlicht 25.07.2025 14:15:33
Zuletzt bearbeitet 25.07.2025 15:29:19
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: xsk: rx: fix the frame's length check

When calling buf_to_xdp, the len argument is the frame data's length
without virtio header's length (vi->hdr_len). We check that len with

	xsk_pool_get_rx_frame_size() + vi->hdr_len

to ensure the provided len does not larger than the allocated chunk
size. The additional vi->hdr_len is because in virtnet_add_recvbuf_xsk,
we use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost
to start placing data from

	hard_start + XDP_PACKET_HEADROOM - vi->hdr_len
not
	hard_start + XDP_PACKET_HEADROOM

But the first buffer has virtio_header, so the maximum frame's length in
the first buffer can only be

	xsk_pool_get_rx_frame_size()
not
	xsk_pool_get_rx_frame_size() + vi->hdr_len

like in the current check.

This commit adds an additional argument to buf_to_xdp differentiate
between the first buffer and other ones to correctly calculate the maximum
frame's length.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 892f6ed9a4a38bb3360fdff091b9241cfa105b61

Version a4e7ba7027012f009f22a68bcfde670f9298d3a4

Status affected

Version < 6013bb6bc24c2cac3f45b37a15b71b232a5b00ff

Version a4e7ba7027012f009f22a68bcfde670f9298d3a4

Status affected

Version < 5177373c31318c3c6a190383bfd232e6cf565c36

Version a4e7ba7027012f009f22a68bcfde670f9298d3a4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.11

Status affected

Version < 6.11

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.37

Status unaffected

Version <= 6.15.*

Version 6.15.6

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/5177373c31318c3c6a190383bfd232e6cf565c36

https://git.kernel.org/stable/c/6013bb6bc24c2cac3f45b37a15b71b232a5b00ff

https://git.kernel.org/stable/c/892f6ed9a4a38bb3360fdff091b9241cfa105b61

https://nvd.nist.gov/vuln/detail/CVE-2025-38413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38413

EUVD