| ID |
CVE-2025-38413
|
| Sažetak |
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: xsk: rx: fix the frame's length check
When calling buf_to_xdp, the len argument is the frame data's length
without virtio header's length (vi->hdr_len). We check that len with
xsk_pool_get_rx_frame_size() + vi->hdr_len
to ensure the provided len does not larger than the allocated chunk
size. The additional vi->hdr_len is because in virtnet_add_recvbuf_xsk,
we use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost
to start placing data from
hard_start + XDP_PACKET_HEADROOM - vi->hdr_len
not
hard_start + XDP_PACKET_HEADROOM
But the first buffer has virtio_header, so the maximum frame's length in
the first buffer can only be
xsk_pool_get_rx_frame_size()
not
xsk_pool_get_rx_frame_size() + vi->hdr_len
like in the current check.
This commit adds an additional argument to buf_to_xdp differentiate
between the first buffer and other ones to correctly calculate the maximum
frame's length. |
| Reference |
|
| CVSS |
| Base: | 0.0 |
| Impact: | None |
| Exploitability: | None |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| None |
None |
None |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| None |
None |
None |
|
| CVSS vektor |
None |
| Zadnje važnije ažuriranje |
25-07-2025 - 15:29 |
| Objavljeno |
25-07-2025 - 14:15 |
