CVE-2025-39718

EPSS 0.04%
Veröffentlicht 05.09.2025 17:21:25
Zuletzt bearbeitet 03.11.2025 18:16:44
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: Validate length in packet header before skb_put()

When receiving a vsock packet in the guest, only the virtqueue buffer
size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately,
virtio_vsock_skb_rx_put() uses the length from the packet header as the
length argument to skb_put(), potentially resulting in SKB overflow if
the host has gone wonky.

Validate the length as advertised by the packet header before calling
virtio_vsock_skb_rx_put().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 969b06bd8b7560efb100a34227619e7d318fbe05

Version baddcc2c71572968cdaeee1c4ab3dc0ad90fa765

Status affected

Version < ee438c492b2e0705d819ac0e25d04fae758d8f8f

Version 71dc9ec9ac7d3eee785cdc986c3daeb821381e20

Status affected

Version < faf332a10372390ce65d0b803888f4b25a388335

Version 71dc9ec9ac7d3eee785cdc986c3daeb821381e20

Status affected

Version < 676f03760ca1d69c2470cef36c44dc152494b47c

Version 71dc9ec9ac7d3eee785cdc986c3daeb821381e20

Status affected

Version < 0dab92484474587b82e8e0455839eaf5ac7bf894

Version 71dc9ec9ac7d3eee785cdc986c3daeb821381e20

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.3

Status affected

Version < 6.3

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.44

Status unaffected

Version <= 6.16.*

Version 6.16.4

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/969b06bd8b7560efb100a34227619e7d318fbe05

https://git.kernel.org/stable/c/ee438c492b2e0705d819ac0e25d04fae758d8f8f

https://git.kernel.org/stable/c/faf332a10372390ce65d0b803888f4b25a388335

https://git.kernel.org/stable/c/676f03760ca1d69c2470cef36c44dc152494b47c

https://git.kernel.org/stable/c/0dab92484474587b82e8e0455839eaf5ac7bf894

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://nvd.nist.gov/vuln/detail/CVE-2025-39718

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39718

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39718

EUVD