Description

In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check.

INFO

Published Date :

2025-07-25T12:53:17.629Z

Last Modified :

2025-07-28T04:20:21.442Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38375 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38375.

URL Resource
https://git.kernel.org/stable/c/11f2d0e8be2b5e784ac45fa3da226492c3e506d8 cve-icon cve-icon
https://git.kernel.org/stable/c/315dbdd7cdf6aa533829774caaf4d25f1fd20e73 cve-icon cve-icon
https://git.kernel.org/stable/c/6aca3dad2145e864dfe4d1060f45eb1bac75dd58 cve-icon cve-icon
https://git.kernel.org/stable/c/80b971be4c37a4d23a7f1abc5ff33dc7733d649b cve-icon cve-icon
https://git.kernel.org/stable/c/982beb7582c193544eb9c6083937ec5ac1c9d651 cve-icon cve-icon
https://git.kernel.org/stable/c/bc68bc3563344ccdc57d1961457cdeecab8f81ef cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025072503-CVE-2025-38375-3faa@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38375 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38375 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact