Out-of-Bounds Read Vulnerability in the Linux Kernel's virtio-net
CVE-2025-38375
Currently unrated
What is CVE-2025-38375?
A critical vulnerability exists in the Linux kernel's virtio-net component: received buffer lengths are not sufficiently validated against the allocated buffer sizes. This oversight can lead to out-of-bounds reads while network data is processed, potentially exposing sensitive information or allowing attackers to exploit system memory. A recent commit addresses the vulnerability by adding the checks needed to ensure that received lengths do not exceed the allocated sizes.
Affected Version(s)
Linux 4941d472bf95b4345d6e38906fcf354e74afa311 < 982beb7582c193544eb9c6083937ec5ac1c9d651
Linux 4941d472bf95b4345d6e38906fcf354e74afa311 < 6aca3dad2145e864dfe4d1060f45eb1bac75dd58
Linux 4941d472bf95b4345d6e38906fcf354e74afa311 < 80b971be4c37a4d23a7f1abc5ff33dc7733d649b