{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T23:51:17.059","vulnerabilities":[{"cve":{"id":"CVE-2025-38314","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-10T08:15:30.363","lastModified":"2025-11-18T12:55:11.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Fix result size returned for the admin command completion\n\nThe result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes\nlarger than the actual result data size. This occurs because the\nresult_sg_size field of the command is filled with the result length\nfrom virtqueue_get_buf(), which includes both the data size and an\nadditional 8 bytes of status.\n\nThis oversized result size causes two issues:\n1. The state transferred to the destination includes 8 bytes of extra\n   data at the end.\n2. The allocated buffer in the kernel may be smaller than the returned\n   size, leading to failures when reading beyond the allocated size.\n\nThe commit fixes this by subtracting the status size from the result of\nvirtqueue_get_buf().\n\nThis fix has been tested through live migrations with virtio-net,\nvirtio-net-transitional, and virtio-blk devices."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-pci: Se corrige el tamaño del resultado devuelto para la finalización del comando admin El tamaño del resultado devuelto por virtio_pci_admin_dev_parts_get() es 8 bytes más grande que el tamaño real de los datos del resultado. Esto ocurre porque el campo result_sg_size del comando se llena con la longitud del resultado de virtqueue_get_buf(), que incluye tanto el tamaño de los datos como 8 bytes adicionales de estado. Este tamaño de resultado sobredimensionado causa dos problemas: 1. El estado transferido al destino incluye 8 bytes de datos adicionales al final. 2. El búfer asignado en el kernel puede ser más pequeño que el tamaño devuelto, lo que provoca fallas al leer más allá del tamaño asignado. La confirmación corrige esto restando el tamaño del estado del resultado de virtqueue_get_buf(). Esta corrección se ha probado a través de migraciones en vivo con dispositivos virtio-net, virtio-net-transitional y virtio-blk. "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.3","matchCriteriaId":"0541C761-BD5E-4C1A-8432-83B375D7EB92"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/920b6720bb63893b81516c0c45884a8350f9e4bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ef41ebf787fcbde99ac404ae473f8467641f983","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}