CVE-2025-38462

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38462

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38462.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-38462

Downstream

BELL-CVE-2025-38462

DEBIAN-CVE-2025-38462

DSA-5973-1

DSA-5975-1

ECHO-c0b6-0fca-3aba

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38462

USN-7774-1

USN-7774-2

USN-7774-3

USN-7775-1

USN-7776-1

Related

Published

2025-07-25T16:15:32Z

Modified

2025-08-30T18:00:21Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_{g2h,h2g} TOCTOU

vsockfindcid() and vsockdevdoioctl() may race with module unload. transport{g2h,h2g} may become NULL after the NULL check.

Introduce vsocktransportlocal_cid() to protect from a potential null-ptr-deref.

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsockfindcid+0x47/0x90 Call Trace: _vsockbind+0x4b2/0x720 vsockbind+0x90/0xe0 _sysbind+0x14d/0x1e0 _x64sysbind+0x6e/0xc0 dosyscall64+0x92/0x1c0 entrySYSCALL64afterhwframe+0x4b/0x53

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsockdevdoioctl.isra.0+0x58/0xf0 Call Trace: _x64sysioctl+0x12d/0x190 dosyscall64+0x92/0x1c0 entrySYSCALL64afterhwframe+0x4b/0x53

References

Affected packages