Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().

INFO

Published Date :

2025-09-05T17:21:25.959Z

Last Modified :

2025-09-05T17:21:25.959Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39718 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39718.

URL Resource
https://git.kernel.org/stable/c/0dab92484474587b82e8e0455839eaf5ac7bf894 cve-icon cve-icon
https://git.kernel.org/stable/c/676f03760ca1d69c2470cef36c44dc152494b47c cve-icon cve-icon
https://git.kernel.org/stable/c/969b06bd8b7560efb100a34227619e7d318fbe05 cve-icon cve-icon
https://git.kernel.org/stable/c/ee438c492b2e0705d819ac0e25d04fae758d8f8f cve-icon cve-icon
https://git.kernel.org/stable/c/faf332a10372390ce65d0b803888f4b25a388335 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025090551-CVE-2025-39718-2e2c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39718 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39718 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact