CVE-2025-38462
Published: Jul 25, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_{g2h,h2g} TOCTOU vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload. transport_{g2h,h2g} may become NULL after the NULL check. Introduce vsock_transport_local_cid() to protect from a potential null-ptr-deref. KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_find_cid+0x47/0x90 Call Trace: __vsock_bind+0x4b2/0x720 vsock_bind+0x90/0xe0 __sys_bind+0x14d/0x1e0 __x64_sys_bind+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0 Call Trace: __x64_sys_ioctl+0x12d/0x190 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < c5496ee685c48ed1cc183cd4263602579bb4a615affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 80d7dc15805a93d520a249ac6d13d4f4df161c1baffected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 401239811fa728fcdd53e360a91f157ffd23e1f4affected c0cfa2d8a788fcf45df5bf4070ab2474c88d543a - < 3734d78210cceb2ee5615719a62a5c55ed381ff8+2 more versions |
Linux | Linux | affected 5.5unaffected 0 - < 5.5unaffected 5.10.240 - <= 5.10.*unaffected 5.15.189 - <= 5.15.*unaffected 6.1.146 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now