-

CVE-2025-38461

EPSS 0.04%
Published 25.07.2025 16:15:31
Last modified 29.07.2025 14:14:55
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_* TOCTOU

Transport assignment may race with module unload. Protect new_transport
from becoming a stale pointer.

This also takes care of an insecure call in vsock_use_local_transport();
add a lockdep assert.

BUG: unable to handle page fault for address: fffffbfff8056000
Oops: Oops: 0000 [#1] SMP KASAN
RIP: 0010:vsock_assign_transport+0x366/0x600
Call Trace:
 vsock_connect+0x59c/0xc40
 __sys_connect+0xe8/0x100
 __x64_sys_connect+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Affected products Warnungen 0 Metrics 1 CWE 0 References 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 8667e8d0eb46bc54fdae30ba2f4786407d3d88eb

Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Status affected

Version < 36a439049b34cca0b3661276049b84a1f76cc21a

Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Status affected

Version < 9ce53e744f18e73059d3124070e960f3aa9902bf

Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Status affected

Version < 9d24bb6780282b0255b9929abe5e8f98007e2c6e

Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Status affected

Version < ae2c712ba39c7007de63cb0c75b51ce1caaf1da5

Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Status affected

Version < 7b73bddf54777fb62d4d8c7729d0affe6df04477

Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Status affected

Version < 687aa0c5581b8d4aa87fd92973e4ee576b550cdf

Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.5

Status affected

Version < 5.5

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.240

Status unaffected

Version <= 5.15.*

Version 5.15.189

Status unaffected

Version <= 6.1.*

Version 6.1.146

Status unaffected

Version <= 6.6.*

Version 6.6.99

Status unaffected

Version <= 6.12.*

Version 6.12.39

Status unaffected

Version <= 6.15.*

Version 6.15.7

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/36a439049b34cca0b3661276049b84a1f76cc21a

https://git.kernel.org/stable/c/687aa0c5581b8d4aa87fd92973e4ee576b550cdf

https://git.kernel.org/stable/c/7b73bddf54777fb62d4d8c7729d0affe6df04477

https://git.kernel.org/stable/c/8667e8d0eb46bc54fdae30ba2f4786407d3d88eb

https://git.kernel.org/stable/c/9ce53e744f18e73059d3124070e960f3aa9902bf

https://git.kernel.org/stable/c/9d24bb6780282b0255b9929abe5e8f98007e2c6e

https://git.kernel.org/stable/c/ae2c712ba39c7007de63cb0c75b51ce1caaf1da5

https://nvd.nist.gov/vuln/detail/CVE-2025-38461

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38461

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38461

EUVD