diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index a757cbcab87f..ec1ee1565715 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -3311,11 +3311,16 @@ static int xmit_skb(struct send_queue *sq, struct sk_buff *skb, bool orphan)
 		!skb_header_cloned(skb) && skb_headroom(skb) >= hdr_len;
 	/* Even if we can, don't push here yet as this would skew
 	 * csum_start offset below. */
-	if (can_push)
-		hdr = (struct virtio_net_hdr_v1_hash_tunnel *)(skb->data -
-							       hdr_len);
-	else
-		hdr = &skb_vnet_common_hdr(skb)->tnl_hdr;
+    if (can_push)
+        hdr = (struct virtio_net_hdr_v1_hash_tunnel *)(skb->data -
+                                                       hdr_len);
+    else
+        hdr = &skb_vnet_common_hdr(skb)->tnl_hdr;
+
+    /* Zero the whole virtio header region to avoid leaking uninitialized
+     * bytes via DMA and to satisfy KMSAN when mapping the header sg.
+     */
+    memset(hdr, 0, hdr_len);
 
 	if (virtio_net_hdr_tnl_from_skb(skb, hdr, vi->tx_tnl,
 					virtio_is_little_endian(vi->vdev), 0))