-

CVE-2025-40292

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: fix received length check in big packets

Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length
for big packets"), when guest gso is off, the allocated size for big
packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on
negotiated MTU. The number of allocated frags for big packets is stored
in vi->big_packets_num_skbfrags.

Because the host announced buffer length can be malicious (e.g. the host
vhost_net driver's get_rx_bufs is modified to announce incorrect
length), we need a check in virtio_net receive path. Currently, the
check is not adapted to the new change which can lead to NULL page
pointer dereference in the below while loop when receiving length that
is larger than the allocated one.

This commit fixes the received length check corresponding to the new
change.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 82f9028e83944a9eee5229cbc6fee9be1de8a62d
Version 4959aebba8c06992abafa09d1e80965e0825af54
Status affected
Version < 946dec89c41726b94d31147ec528b96af0be1b5a
Version 4959aebba8c06992abafa09d1e80965e0825af54
Status affected
Version < 82fe78065450d2d07f36a22e2b6b44955cf5ca5b
Version 4959aebba8c06992abafa09d1e80965e0825af54
Status affected
Version < 3e9d89f2ecd3636bd4cbdfd0b2dfdaf58f9882e2
Version 4959aebba8c06992abafa09d1e80965e0825af54
Status affected
Version < 0c716703965ffc5ef4311b65cb5d84a703784717
Version 4959aebba8c06992abafa09d1e80965e0825af54
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.1
Status affected
Version < 6.1
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.159
Status unaffected
Version <= 6.6.*
Version 6.6.117
Status unaffected
Version <= 6.12.*
Version 6.12.58
Status unaffected
Version <= 6.17.*
Version 6.17.8
Status unaffected
Version <= *
Version 6.18
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.056
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String