
CVE-2025-38462

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_{g2h,h2g} TOCTOU

vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.
transport_{g2h,h2g} may become NULL after the NULL check.

Introduce vsock_transport_local_cid() to protect from a potential
null-ptr-deref.

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_find_cid+0x47/0x90
Call Trace:
 __vsock_bind+0x4b2/0x720
 vsock_bind+0x90/0xe0
 __sys_bind+0x14d/0x1e0
 __x64_sys_bind+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0
Call Trace:
 __x64_sys_ioctl+0x12d/0x190
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
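The check-then-use race described in the commit message, modelled in user space as an added example (this is not the kernel patch). The names, the pthread mutex standing in for a registration lock, and the sample CID are assumptions for illustration.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CID_ANY 0xFFFFFFFFu /* stand-in for the kernel's VMADDR_CID_ANY */

struct transport { uint32_t (*get_local_cid)(void); };

/* Hypothetical model: one lock serializes registration and unregistration. */
static pthread_mutex_t register_lock = PTHREAD_MUTEX_INITIALIZER;
static const struct transport *transport_g2h; /* NULL while no module is loaded */

static void transport_set(const struct transport **slot, const struct transport *t)
{
    pthread_mutex_lock(&register_lock);
    *slot = t; /* t == NULL models module unload */
    pthread_mutex_unlock(&register_lock);
}

/* Racy shape: the slot is tested, then read again without the lock, so a
 * concurrent transport_set(slot, NULL) can land between the two reads. */
static uint32_t local_cid_racy(const struct transport **slot)
{
    if (*slot)
        return (*slot)->get_local_cid();
    return CID_ANY;
}

/* Hardened shape: the NULL check and the call both happen under the lock. */
static uint32_t local_cid_locked(const struct transport **slot)
{
    uint32_t cid = CID_ANY;

    pthread_mutex_lock(&register_lock);
    if (*slot)
        cid = (*slot)->get_local_cid();
    pthread_mutex_unlock(&register_lock);
    return cid;
}

static uint32_t demo_cid(void) { return 3; } /* constructed sample CID */
static const struct transport demo = { .get_local_cid = demo_cid };

int main(void)
{
    transport_set(&transport_g2h, &demo);
    printf("registered:   %u\n", (unsigned)local_cid_locked(&transport_g2h));
    transport_set(&transport_g2h, NULL);
    printf("unregistered: 0x%x\n", (unsigned)local_cid_locked(&transport_g2h));
    return 0;
}
```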

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version < c5496ee685c48ed1cc183cd4263602579bb4a615; Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a; Status: affected
Version < 80d7dc15805a93d520a249ac6d13d4f4df161c1b; Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a; Status: affected
Version < 5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17; Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a; Status: affected
Version < 401239811fa728fcdd53e360a91f157ffd23e1f4; Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a; Status: affected
Version < 3734d78210cceb2ee5615719a62a5c55ed381ff8; Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a; Status: affected
Version < 6a1bcab67bea797d83aa9dd948a0ac6ed52d121d; Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a; Status: affected
Version < 209fd720838aaf1420416494c5505096478156b4; Version c0cfa2d8a788fcf45df5bf4070ab2474c88d543a; Status: affected
Vendor: Linux
Product: Linux
Default status: affected
Version 5.5; Status: affected
Version < 5.5; Version 0; Status: unaffected
Version <= 5.10.*; Version 5.10.240; Status: unaffected
Version <= 5.15.*; Version 5.15.189; Status: unaffected
Version <= 6.1.*; Version 6.1.146; Status: unaffected
Version <= 6.6.*; Version 6.6.99; Status: unaffected
Version <= 6.12.*; Version 6.12.39; Status: unaffected
Version <= 6.15.*; Version 6.15.7; Status: unaffected
Version <= *; Version 6.16; Status: unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.103
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String