PT-2025-36312 · Linux+10 · Linux Kernel+10

Published: 2025-01-01 · Updated: 2026-04-20 · CVE-2025-39718

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's vsock/virtio subsystem. When the guest receives a vsock packet, the length from the packet header is used as the argument to skb_put() without proper validation. This can lead to an SKB (socket buffer) overflow if the host provides an incorrect length. The root cause is that the length advertised by the packet header is not validated before virtio_vsock_skb_rx_put() is called.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
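
The class of check the Description says was missing, shown as an added userspace model (not kernel code and not the upstream patch): a length taken from a peer-supplied header is compared against the space actually allocated before the buffer's valid region is extended. All struct and function names are hypothetical, and the packets are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace model only; every name below is hypothetical, not kernel API. */
struct pkt_hdr { uint32_t len; };   /* payload length advertised by the sender */
#define HDR_SIZE sizeof(struct pkt_hdr)

struct rx_buf {
    uint8_t data[128];              /* header followed by payload */
    size_t  alloc;                  /* bytes the receiver allocated */
    size_t  tail;                   /* bytes marked valid so far */
};

/* Stage a buffer as the receiver sees it once the other side has filled it. */
static int rx_buf_fill(struct rx_buf *b, size_t alloc,
                       const void *raw, size_t raw_len)
{
    if (alloc > sizeof(b->data) || raw_len > alloc || raw_len < HDR_SIZE)
        return -1;
    memset(b, 0, sizeof(*b));
    memcpy(b->data, raw, raw_len);
    b->alloc = alloc;
    b->tail = HDR_SIZE;             /* header valid, payload not yet committed */
    return 0;
}

/* Checked "put": grow the valid region by the advertised length only if it
 * fits in the allocation. Returns 0 on success, -1 if the packet is dropped. */
static int rx_put_checked(struct rx_buf *b)
{
    struct pkt_hdr hdr;
    memcpy(&hdr, b->data, sizeof(hdr));   /* read the untrusted field once */
    if (hdr.len > b->alloc - b->tail)     /* cannot wrap: tail <= alloc */
        return -1;
    b->tail += hdr.len;
    return 0;
}

/* Constructed input: returns the resulting tail, or 0 if the packet is dropped. */
static size_t demo(size_t alloc, uint32_t adv_len)
{
    struct rx_buf b;
    struct pkt_hdr hdr = { .len = adv_len };
    if (rx_buf_fill(&b, alloc, &hdr, sizeof(hdr)) || rx_put_checked(&b))
        return 0;
    return b.tail;
}

int main(void) { return demo(64, 60) == 64 ? 0 : 1; }
```

The comparison is written as `len > alloc - tail` rather than `tail + len > alloc` so that a very large advertised length cannot wrap the addition and slip past the check.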

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025:21397
ALSA-2025:21398
AZL-66947
BDU:2025-15002
CESA-2025_21397
CESA-2025_21398
CVE-2025-39718
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-E9BA-90DE-721A
INFSA-2025_19105
INFSA-2025_21112
INFSA-2025_21397
INFSA-2025_21398
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2351
OESA-2025-2352
OESA-2025-2353
OPENSUSE-SU-2025:20081-1
RHSA-2025:19104
RHSA-2025:19105
RHSA-2025:19106
RHSA-2025:21112
RHSA-2025:21118
RHSA-2025:21397
RHSA-2025:21398
RHSA-2025_19105
RHSA-2025_21112
RHSA-2025_21397
RHSA-2025_21398
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu