CVE-2025-38413

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio-net: xsk: rx: fix the frame&amp;#39;s length check<br /> <br /> When calling buf_to_xdp, the len argument is the frame data&amp;#39;s length<br /> without virtio header&amp;#39;s length (vi-&gt;hdr_len). We check that len with<br /> <br /> xsk_pool_get_rx_frame_size() + vi-&gt;hdr_len<br /> <br /> to ensure the provided len does not larger than the allocated chunk<br /> size. The additional vi-&gt;hdr_len is because in virtnet_add_recvbuf_xsk,<br /> we use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost<br /> to start placing data from<br /> <br /> hard_start + XDP_PACKET_HEADROOM - vi-&gt;hdr_len<br /> not<br /> hard_start + XDP_PACKET_HEADROOM<br /> <br /> But the first buffer has virtio_header, so the maximum frame&amp;#39;s length in<br /> the first buffer can only be<br /> <br /> xsk_pool_get_rx_frame_size()<br /> not<br /> xsk_pool_get_rx_frame_size() + vi-&gt;hdr_len<br /> <br /> like in the current check.<br /> <br /> This commit adds an additional argument to buf_to_xdp differentiate<br /> between the first buffer and other ones to correctly calculate the maximum<br /> frame&amp;#39;s length.