CVE-2025-39718
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Validate length in packet header before skb_put()
When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky.
Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | baddcc2c71572968cdaeee1c4ab3dc0ad90fa765 < 969b06bd8b7560efb100a34227619e7d318fbe05 | affected |
| Linux | Linux | 71dc9ec9ac7d3eee785cdc986c3daeb821381e20 < ee438c492b2e0705d819ac0e25d04fae758d8f8f | affected |
| Linux | Linux | 71dc9ec9ac7d3eee785cdc986c3daeb821381e20 < faf332a10372390ce65d0b803888f4b25a388335 | affected |
| Linux | Linux | 71dc9ec9ac7d3eee785cdc986c3daeb821381e20 < 676f03760ca1d69c2470cef36c44dc152494b47c | affected |
| Linux | Linux | 71dc9ec9ac7d3eee785cdc986c3daeb821381e20 < 0dab92484474587b82e8e0455839eaf5ac7bf894 | affected |
| Linux | Linux | 6.1.63 < 6.1.149 | affected |
| Linux | Linux | 6.3 | affected |
| Linux | Linux | 0 < 6.3 | unaffected |
| Linux | Linux | 6.1.149 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.103 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.44 <= 6.12.* | unaffected |
| Linux | Linux | 6.16.4 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
Additional References
References
- https://git.kernel.org/stable/c/969b06bd8b7560efb100a34227619e7d318fbe05
- https://git.kernel.org/stable/c/ee438c492b2e0705d819ac0e25d04fae758d8f8f
- https://git.kernel.org/stable/c/faf332a10372390ce65d0b803888f4b25a388335
- https://git.kernel.org/stable/c/676f03760ca1d69c2470cef36c44dc152494b47c
- https://git.kernel.org/stable/c/0dab92484474587b82e8e0455839eaf5ac7bf894
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.