CVE-2025-38314

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the virtio-pci subsystem where the result size returned for admin command completion is larger than the actual result data size by 8 bytes. This occurs because the result sg size field is populated with the length from virtqueue get buf(), which includes both the data size and an additional 8 bytes of status information. This oversized result size can lead to extra data being transferred to the destination and potential failures when reading beyond the allocated buffer size in the kernel.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.