4.7

CVE-2025-38462

vsock: Fix transport_{g2h,h2g} TOCTOU

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_{g2h,h2g} TOCTOU

vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.
transport_{g2h,h2g} may become NULL after the NULL check.

Introduce vsock_transport_local_cid() to protect from a potential
null-ptr-deref.

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_find_cid+0x47/0x90
Call Trace:
 __vsock_bind+0x4b2/0x720
 vsock_bind+0x90/0xe0
 __sys_bind+0x14d/0x1e0
 __x64_sys_bind+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0
Call Trace:
 __x64_sys_ioctl+0x12d/0x190
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.5 < 5.10.240
LinuxLinux Kernel Version >= 5.11 < 5.15.189
LinuxLinux Kernel Version >= 5.16 < 6.1.146
LinuxLinux Kernel Version >= 6.2 < 6.6.99
LinuxLinux Kernel Version >= 6.7 < 6.12.39
LinuxLinux Kernel Version >= 6.13 < 6.15.7
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
LinuxLinux Kernel Version6.16 Updaterc4
LinuxLinux Kernel Version6.16 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.016
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

https://git.kernel.org/stable/c/209fd720838aaf1420416494c5505096478156b4
Patch
https://git.kernel.org/stable/c/3734d78210cceb2ee5615719a62a5c55ed381ff8
Patch
https://git.kernel.org/stable/c/401239811fa728fcdd53e360a91f157ffd23e1f4
Patch
https://git.kernel.org/stable/c/5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17
Patch
https://git.kernel.org/stable/c/6a1bcab67bea797d83aa9dd948a0ac6ed52d121d
Patch
https://git.kernel.org/stable/c/80d7dc15805a93d520a249ac6d13d4f4df161c1b
Patch
https://git.kernel.org/stable/c/c5496ee685c48ed1cc183cd4263602579bb4a615
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory