CVE-2025-1290

Published: Apr 17, 2025

Modified: May 8, 2025

PUBLISHED

Description

A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.

Vendor	Product	Versions
Google	ChromeOS	affected `15474.84.0 - < 15474.84.0`

References

https://issuetracker.google.com/issues/301886931

https://issues.chromium.org/issues/b/301886931

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-1290

Description

Affected Products

References