4.7

CVE-2025-38461

vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_* TOCTOU

Transport assignment may race with module unload. Protect new_transport
from becoming a stale pointer.

This also takes care of an insecure call in vsock_use_local_transport();
add a lockdep assert.

BUG: unable to handle page fault for address: fffffbfff8056000
Oops: Oops: 0000 [#1] SMP KASAN
RIP: 0010:vsock_assign_transport+0x366/0x600
Call Trace:
 vsock_connect+0x59c/0xc40
 __sys_connect+0xe8/0x100
 __x64_sys_connect+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.5 < 5.10.240
LinuxLinux Kernel Version >= 5.11 < 5.15.189
LinuxLinux Kernel Version >= 5.16 < 6.1.146
LinuxLinux Kernel Version >= 6.2 < 6.6.99
LinuxLinux Kernel Version >= 6.7 < 6.12.39
LinuxLinux Kernel Version >= 6.13 < 6.15.7
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
LinuxLinux Kernel Version6.16 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.017
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

https://git.kernel.org/stable/c/36a439049b34cca0b3661276049b84a1f76cc21a
Patch
https://git.kernel.org/stable/c/687aa0c5581b8d4aa87fd92973e4ee576b550cdf
Patch
https://git.kernel.org/stable/c/7b73bddf54777fb62d4d8c7729d0affe6df04477
Patch
https://git.kernel.org/stable/c/8667e8d0eb46bc54fdae30ba2f4786407d3d88eb
Patch
https://git.kernel.org/stable/c/9ce53e744f18e73059d3124070e960f3aa9902bf
Patch
https://git.kernel.org/stable/c/9d24bb6780282b0255b9929abe5e8f98007e2c6e
Patch
https://git.kernel.org/stable/c/ae2c712ba39c7007de63cb0c75b51ce1caaf1da5
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory