CVE-2025-38314

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio-pci: Fix result size returned for the admin command completion<br /> <br /> The result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes<br /> larger than the actual result data size. This occurs because the<br /> result_sg_size field of the command is filled with the result length<br /> from virtqueue_get_buf(), which includes both the data size and an<br /> additional 8 bytes of status.<br /> <br /> This oversized result size causes two issues:<br /> 1. The state transferred to the destination includes 8 bytes of extra<br /> data at the end.<br /> 2. The allocated buffer in the kernel may be smaller than the returned<br /> size, leading to failures when reading beyond the allocated size.<br /> <br /> The commit fixes this by subtracting the status size from the result of<br /> virtqueue_get_buf().<br /> <br /> This fix has been tested through live migrations with virtio-net,<br /> virtio-net-transitional, and virtio-blk devices.