CVE-2025-39718

Published: Sep 5, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().

Vendor	Product	Versions
Linux	Linux	affected `baddcc2c71572968cdaeee1c4ab3dc0ad90fa765 - < 969b06bd8b7560efb100a34227619e7d318fbe05` affected `71dc9ec9ac7d3eee785cdc986c3daeb821381e20 - < ee438c492b2e0705d819ac0e25d04fae758d8f8f` affected `71dc9ec9ac7d3eee785cdc986c3daeb821381e20 - < faf332a10372390ce65d0b803888f4b25a388335` affected `71dc9ec9ac7d3eee785cdc986c3daeb821381e20 - < 676f03760ca1d69c2470cef36c44dc152494b47c` affected `71dc9ec9ac7d3eee785cdc986c3daeb821381e20 - < 0dab92484474587b82e8e0455839eaf5ac7bf894` +1 more versions
Linux	Linux	affected `6.3` unaffected `0 - < 6.3` unaffected `6.1.149 - <= 6.1.` unaffected `6.6.103 - <= 6.6.` unaffected `6.12.44 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/969b06bd8b7560efb100a34227619e7d318fbe05

https://git.kernel.org/stable/c/ee438c492b2e0705d819ac0e25d04fae758d8f8f

https://git.kernel.org/stable/c/faf332a10372390ce65d0b803888f4b25a388335

https://git.kernel.org/stable/c/676f03760ca1d69c2470cef36c44dc152494b47c

https://git.kernel.org/stable/c/0dab92484474587b82e8e0455839eaf5ac7bf894

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-39718

Description

Affected Products

References