Primary

Context

Linux Kernel virtio-net Overflow Vulnerability in virtnet_rq_alloc

Vulnerability

Patched

A vulnerability in the Linux kernel's virtio-net implementation can lead to a buffer overflow in the virtnet_rq_alloc function. This issue arises when the fragment size is one page and the combined size of the buffer and virtnet_rq_dma exceeds one page, causing an overflow. The problem was introduced by a previous commit and has been causing reliable crashes or failures when transferring large files via SCP to a virtual machine, especially when a specific sysctl value is set.

Impact

Exploitation of this vulnerability can cause a buffer overflow, leading to potential memory corruption.

Remediation

Users can upgrade to the latest Linux version where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel virtio-net Overflow Vulnerability in virtnet_rq_alloc

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating