{"id":"CVE-2025-38413","summary":"virtio-net: xsk: rx: fix the frame's length check","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: xsk: rx: fix the frame's length check\n\nWhen calling buf_to_xdp, the len argument is the frame data's length\nwithout virtio header's length (vi-\u003ehdr_len). We check that len with\n\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nto ensure the provided len is not larger than the allocated chunk\nsize. The additional vi-\u003ehdr_len is because in virtnet_add_recvbuf_xsk,\nwe use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost\nto start placing data from\n\n\thard_start + XDP_PACKET_HEADROOM - vi-\u003ehdr_len\nnot\n\thard_start + XDP_PACKET_HEADROOM\n\nBut the first buffer has virtio_header, so the maximum frame's length in\nthe first buffer can only be\n\n\txsk_pool_get_rx_frame_size()\nnot\n\txsk_pool_get_rx_frame_size() + vi-\u003ehdr_len\n\nlike in the current check.\n\nThis commit adds an additional argument to buf_to_xdp to differentiate\nbetween the first buffer and other ones to correctly calculate the maximum\nframe's length.","modified":"2026-04-02T12:47:58.030914Z","published":"2025-07-25T13:20:17.394Z","related":["SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38413.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5177373c31318c3c6a190383bfd232e6cf565c36"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6013bb6bc24c2cac3f45b37a15b71b232a5b00ff"},{"type":"WEB","url":"https://git.kernel.org/stable/c/892f6ed9a4a38bb3360fdff091b9241cfa105b61"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38413.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38413"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a4e7ba7027012f009f22a68bcfde670f9298d3a4"},{"fixed":"892f6ed9a4a38bb3360fdff091b9241cfa105b61"},{"fixed":"6013bb6bc24c2cac3f45b37a15b71b232a5b00ff"},{"fixed":"5177373c31318c3c6a190383bfd232e6cf565c36"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38413.json"}}],"schema_version":"1.7.5"}