CVE-2025-38622

In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...

CVE-2025-38413

CVE-2025-38413 : In the Linux kernel virtio-net XDP path (xsk RX), len passed to buf_to_xdp did not consistently account for virtio header length for the first buffer, risking an incorrect frame size check. The fix differentiates the first buffer from subsequent ones by introducing an extra param...

CVE-2022-50181 virtio-gpu: fix a missing check to avoid NULL dereference

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside virtiogpucmdgetcapset and it will lead to a NULL dereference by a lately use of it i.e., ptr = cacheent-capscache. Fix it with a NULL...

The vulnerability of the vhost_net_set_backend function (drivers/vhost/net.c) in the Linux kernel’s virtio subcomponent allows a attacker to cause a service failure and expose sensitive information.

The vulnerability of the vhostnetsetbackend function drivers/vhost/net.c in the Linux kernel’s virtio subcomponent is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure and expose sensitive information...