CVE-2025-38461
Published: Jul 25, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_* TOCTOU

Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer.

This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert.

BUG: unable to handle page fault for address: fffffbfff8056000
Oops: Oops: 0000 [#1] SMP KASAN
RIP: 0010:vsock_assign_transport+0x366/0x600
Call Trace:
 vsock_connect+0x59c/0xc40
 __sys_connect+0xe8/0x100
 __x64_sys_connect+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 8667e8d0eb46bc54fdae30ba2f4786407d3d88eb; affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 36a439049b34cca0b3661276049b84a1f76cc21a; affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 9ce53e744f18e73059d3124070e960f3aa9902bf; affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 9d24bb6780282b0255b9929abe5e8f98007e2c6e; affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < ae2c712ba39c7007de63cb0c75b51ce1caaf1da5; +2 more versions |
| Linux | Linux | affected 5.5; unaffected 0 - < 5.5; unaffected 5.10.240 - <= 5.10.*; unaffected 5.15.189 - <= 5.15.*; unaffected 6.1.146 - <= 6.1.*; +4 more versions |