Back to search
CVE-2025-38375
Published: Jul 25, 2025
Modified: May 11, 2026
PUBLISHED
Description
In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 4941d472bf95b4345d6e38906fcf354e74afa311 - < 773e95c268b5d859f51f7547559734fd2a57660caffected 4941d472bf95b4345d6e38906fcf354e74afa311 - < ddc8649d363141fb3371dd81a73e1cb4ef8ed1e1affected 4941d472bf95b4345d6e38906fcf354e74afa311 - < 982beb7582c193544eb9c6083937ec5ac1c9d651affected 4941d472bf95b4345d6e38906fcf354e74afa311 - < 6aca3dad2145e864dfe4d1060f45eb1bac75dd58affected 4941d472bf95b4345d6e38906fcf354e74afa311 - < 80b971be4c37a4d23a7f1abc5ff33dc7733d649b+3 more versions |
Linux | Linux | affected 4.14unaffected 0 - < 4.14unaffected 5.4.297 - <= 5.4.*unaffected 5.10.241 - <= 5.10.*unaffected 5.15.189 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now