{"id":"CVE-2025-39718","summary":"vsock/virtio: Validate length in packet header before skb_put()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Validate length in packet header before skb_put()\n\nWhen receiving a vsock packet in the guest, only the virtqueue buffer\nsize is validated prior to virtio_vsock_skb_rx_put(). Unfortunately,\nvirtio_vsock_skb_rx_put() uses the length from the packet header as the\nlength argument to skb_put(), potentially resulting in SKB overflow if\nthe host has gone wonky.\n\nValidate the length as advertised by the packet header before calling\nvirtio_vsock_skb_rx_put().","modified":"2026-04-16T00:02:16.422239894Z","published":"2025-09-05T17:21:25.959Z","related":["ALSA-2025:21397","ALSA-2025:21398","SUSE-SU-2025:03600-1","SUSE-SU-2025:03601-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3725-1","SUSE-SU-2025:3751-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39718.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0dab92484474587b82e8e0455839eaf5ac7bf894"},{"type":"WEB","url":"https://git.kernel.org/stable/c/676f03760ca1d69c2470cef36c44dc152494b47c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/969b06bd8b7560efb100a34227619e7d318fbe05"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee438c492b2e0705d819ac0e25d04fae758d8f8f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/faf332a10372390ce65d0b803888f4b25a388335"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39718.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39718"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"baddcc2c71572968cdaeee1c4ab3dc0ad90fa765"},{"fixed":"969b06bd8b7560efb100a34227619e7d318fbe05"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"71dc9ec9ac7d3eee785cdc986c3daeb821381e20"},{"fixed":"ee438c492b2e0705d819ac0e25d04fae758d8f8f"},{"fixed":"faf332a10372390ce65d0b803888f4b25a388335"},{"fixed":"676f03760ca1d69c2470cef36c44dc152494b47c"},{"fixed":"0dab92484474587b82e8e0455839eaf5ac7bf894"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39718.json"}}],"schema_version":"1.7.5"}