-

CVE-2025-38618

EPSS 0.05%
Published 22.08.2025 13:01:24
Last modified 28.08.2025 15:15:56
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

vsock: Do not allow binding to VMADDR_PORT_ANY

It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can
cause a use-after-free when a connection is made to the bound socket.
The socket returned by accept() also has port VMADDR_PORT_ANY but is not
on the list of unbound sockets. Binding it will result in an extra
refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep
the binding until socket destruction).

Modify the check in __vsock_bind_connectible() to also prevent binding
to VMADDR_PORT_ANY.

Affected products Warnungen 0 Metrics 1 CWE 0 References 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < c04a2c1ca25b9b23104124d3b2d349d934e302de

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < d1a5b1964cef42727668ac0d8532dae4f8c19386

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < cf86704798c1b9c46fa59dfc2d662f57d1394d79

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < f138be5d7f301fddad4e65ec66dfc3ceebf79be3

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < 44bd006d5c93f6a8f28b106cbae2428c5d0275b7

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < 32950b1907919be86a7a2697d6f93d57068b3865

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < 8f01093646b49f6330bb2d36761983fd829472b1

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < d73960f0cf03ef1dc9e96ec7a20e538accc26d87

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

Version < aba0c94f61ec05315fa7815d21aefa4c87f6a9f4

Version d021c344051af91f42c5ba9fdedc176740cbd238

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 3.9

Status affected

Version < 3.9

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.148

Status unaffected

Version <= 6.6.*

Version 6.6.102

Status unaffected

Version <= 6.12.*

Version 6.12.42

Status unaffected

Version <= 6.15.*

Version 6.15.10

Status unaffected

Version <= 6.16.*

Version 6.16.1

Status unaffected

Version <= *

Version 6.17-rc2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3

https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7

https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865

https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1

https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87

https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4

https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de

https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79

https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386

https://nvd.nist.gov/vuln/detail/CVE-2025-38618

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38618

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38618

EUVD