{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38314", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.003Z", "datePublished": "2025-07-10T07:42:21.937Z", "dateUpdated": "2025-07-10T07:42:21.937Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-10T07:42:21.937Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Fix result size returned for the admin command completion\n\nThe result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes\nlarger than the actual result data size. This occurs because the\nresult_sg_size field of the command is filled with the result length\nfrom virtqueue_get_buf(), which includes both the data size and an\nadditional 8 bytes of status.\n\nThis oversized result size causes two issues:\n1. The state transferred to the destination includes 8 bytes of extra\n data at the end.\n2. The allocated buffer in the kernel may be smaller than the returned\n size, leading to failures when reading beyond the allocated size.\n\nThe commit fixes this by subtracting the status size from the result of\nvirtqueue_get_buf().\n\nThis fix has been tested through live migrations with virtio-net,\nvirtio-net-transitional, and virtio-blk devices."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/virtio/virtio_pci_modern.c"], "versions": [{"version": "704806ca400e5daa86c110f14bfdda9d28203bb7", "lessThan": "920b6720bb63893b81516c0c45884a8350f9e4bf", "status": "affected", "versionType": "git"}, {"version": "704806ca400e5daa86c110f14bfdda9d28203bb7", "lessThan": "9ef41ebf787fcbde99ac404ae473f8467641f983", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/virtio/virtio_pci_modern.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.3", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.15.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.16-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/920b6720bb63893b81516c0c45884a8350f9e4bf"}, {"url": "https://git.kernel.org/stable/c/9ef41ebf787fcbde99ac404ae473f8467641f983"}], "title": "virtio-pci: Fix result size returned for the admin command completion", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Fix result size returned for the admin command completion\n\nThe result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes\nlarger than the actual result data size. This occurs because the\nresult_sg_size field of the command is filled with the result length\nfrom virtqueue_get_buf(), which includes both the data size and an\nadditional 8 bytes of status.\n\nThis oversized result size causes two issues:\n1. The state transferred to the destination includes 8 bytes of extra\n data at the end.\n2. The allocated buffer in the kernel may be smaller than the returned\n size, leading to failures when reading beyond the allocated size.\n\nThe commit fixes this by subtracting the status size from the result of\nvirtqueue_get_buf().\n\nThis fix has been tested through live migrations with virtio-net,\nvirtio-net-transitional, and virtio-blk devices."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-pci: Se corrige el tama\u00f1o del resultado devuelto para la finalizaci\u00f3n del comando admin El tama\u00f1o del resultado devuelto por virtio_pci_admin_dev_parts_get() es 8 bytes m\u00e1s grande que el tama\u00f1o real de los datos del resultado. Esto ocurre porque el campo result_sg_size del comando se llena con la longitud del resultado de virtqueue_get_buf(), que incluye tanto el tama\u00f1o de los datos como 8 bytes adicionales de estado. Este tama\u00f1o de resultado sobredimensionado causa dos problemas: 1. El estado transferido al destino incluye 8 bytes de datos adicionales al final. 2. El b\u00fafer asignado en el kernel puede ser m\u00e1s peque\u00f1o que el tama\u00f1o devuelto, lo que provoca fallas al leer m\u00e1s all\u00e1 del tama\u00f1o asignado. La confirmaci\u00f3n corrige esto restando el tama\u00f1o del estado del resultado de virtqueue_get_buf(). Esta correcci\u00f3n se ha probado a trav\u00e9s de migraciones en vivo con dispositivos virtio-net, virtio-net-transitional y virtio-blk. "}], "id": "CVE-2025-38314", "lastModified": "2025-07-10T13:17:30.017", "metrics": {}, "published": "2025-07-10T08:15:30.363", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/920b6720bb63893b81516c0c45884a8350f9e4bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9ef41ebf787fcbde99ac404ae473f8467641f983"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}