CVE-2025-39718— vsock/virtio: Validate length in packet header before skb_put()

AI Predicted 8.8 Difficulty: Easy EPSS 0.02% · P7 Updated May 24, 2026

Affected Version Matrix 13

Vendor	Product	Version Range	Status
Linux	Linux	`baddcc2c71572968cdaeee1c4ab3dc0ad90fa765< 969b06bd8b7560efb100a34227619e7d318fbe05`	affected
		`71dc9ec9ac7d3eee785cdc986c3daeb821381e20< ee438c492b2e0705d819ac0e25d04fae758d8f8f`	affected
		`71dc9ec9ac7d3eee785cdc986c3daeb821381e20< faf332a10372390ce65d0b803888f4b25a388335`	affected
		`71dc9ec9ac7d3eee785cdc986c3daeb821381e20< 676f03760ca1d69c2470cef36c44dc152494b47c`	affected
		`71dc9ec9ac7d3eee785cdc986c3daeb821381e20< 0dab92484474587b82e8e0455839eaf5ac7bf894`	affected
		`6.1.63< 6.1.149`	affected
		`6.3`	affected
		`< 6.3`	unaffected
… +5 more rows

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-39718

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

vsock/virtio: Validate length in packet header before skb_put()

Source: NVD (National Vulnerability Database)

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于未验证包头长度，可能导致SKB溢出。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Linux	Linux	baddcc2c71572968cdaeee1c4ab3dc0ad90fa765 ~ 969b06bd8b7560efb100a34227619e7d318fbe05	-
Linux	Linux	6.3	-

II. Public POCs for CVE-2025-39718

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-39718

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-39718

Same Patch Batch · Linux · 2025-09-05 · 60 CVEs total

CVE-2025-39706		drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
CVE-2025-39725		mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list
CVE-2025-39722		crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP
CVE-2025-39721		crypto: qat - flush misc workqueue during device shutdown
CVE-2025-39720		ksmbd: fix refcount leak causing resource not released
CVE-2025-39723		netfs: Fix unbuffered write error handling
CVE-2025-39710		media: venus: Add a check for packet size after reading from shared memory
CVE-2025-39709		media: venus: protect against spurious interrupts during probe
CVE-2025-39708		media: iris: Fix NULL pointer dereference
CVE-2025-39707		drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
CVE-2025-39711		media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
CVE-2025-39705		drm/amd/display: fix a Null pointer dereference vulnerability
CVE-2025-39704		LoongArch: KVM: Fix stack protector issue in send_ipi_data()
CVE-2025-39703		net, hsr: reject HSR frame if skb can't hold tag
CVE-2025-39702		ipv6: sr: Fix MAC comparison to be constant-time
CVE-2025-39701		ACPI: pfr_update: Fix the driver update version check
CVE-2025-39700		mm/damon/ops-common: ignore migration request to invalid nodes
CVE-2025-39699		iommu/riscv: prevent NULL deref in iova_to_phys
CVE-2025-39698		io_uring/futex: ensure io_futex_wait() cleans up properly on failure
CVE-2025-39697		NFS: Fix a race when updating an existing write

Showing top 20 of 60 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2025-39718

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-39718— vsock/virtio: Validate length in packet header before skb_put()

Affected Version Matrix 13

I. Basic Information for CVE-2025-39718

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-39718

III. Intelligence Information for CVE-2025-39718

Same Patch Batch · Linux · 2025-09-05 · 60 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-39718

Leave a comment