-
CVE-2025-40292
- EPSS 0.03%
- Veröffentlicht 08.12.2025 00:46:15
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
virtio-net: fix received length check in big packets
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: fix received length check in big packets
Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length
for big packets"), when guest gso is off, the allocated size for big
packets is not MAX_SKB_FRAGS * PAGE_SIZE anymore but depends on
negotiated MTU. The number of allocated frags for big packets is stored
in vi->big_packets_num_skbfrags.
Because the host announced buffer length can be malicious (e.g. the host
vhost_net driver's get_rx_bufs is modified to announce incorrect
length), we need a check in virtio_net receive path. Currently, the
check is not adapted to the new change which can lead to NULL page
pointer dereference in the below while loop when receiving length that
is larger than the allocated one.
This commit fixes the received length check corresponding to the new
change.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
4959aebba8c06992abafa09d1e80965e0825af54
Version <
82f9028e83944a9eee5229cbc6fee9be1de8a62d
Status
affected
Version
4959aebba8c06992abafa09d1e80965e0825af54
Version <
946dec89c41726b94d31147ec528b96af0be1b5a
Status
affected
Version
4959aebba8c06992abafa09d1e80965e0825af54
Version <
82fe78065450d2d07f36a22e2b6b44955cf5ca5b
Status
affected
Version
4959aebba8c06992abafa09d1e80965e0825af54
Version <
3e9d89f2ecd3636bd4cbdfd0b2dfdaf58f9882e2
Status
affected
Version
4959aebba8c06992abafa09d1e80965e0825af54
Version <
0c716703965ffc5ef4311b65cb5d84a703784717
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.1
Status
affected
Version
0
Version <
6.1
Status
unaffected
Version <=
6.1.*
Version
6.1.159
Status
unaffected
Version <=
6.6.*
Version
6.6.117
Status
unaffected
Version <=
6.12.*
Version
6.12.58
Status
unaffected
Version <=
6.17.*
Version
6.17.8
Status
unaffected
Version <=
*
Version
6.18
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.092 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|