Si-Wei Liu

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue is related to an overflow inside `virtnet rq alloc` in the `virtio-net` component. This occurs when a frag just got a page and the `sysctl net.core.high order alloc disable` value is 1, leading to reliable crashes or `scp` failure when transferring large files to a VM. The problem arises because `virtnet rq dma` takes up 16 bytes at the beginning of a new frag, causing an overflow when the frag size is only one page and the total size of the buffer and `virtnet rq dma` exceeds one page. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider adjusting the `sysctl net.core.high order alloc disable` value to 0 to minimize the risk of exploitation. Restrict access to the `virtio-net` component to minimize the risk of crashes or `scp` failures until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the tap get user xdp() path, where a missing verification for short frames could cause a corrupted skb to be sent downstack. This could lead to out-of-bound access beyond the actual length or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. The alternative path, tap get user(), already prohibits short frames with lengths less than the Ethernet header size from being transmitted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.