{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38462","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.020Z","datePublished":"2025-07-25T15:27:45.168Z","dateUpdated":"2026-05-11T21:28:28.695Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:28:28.695Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/vmw_vsock/af_vsock.c"],"versions":[{"version":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a","lessThan":"c5496ee685c48ed1cc183cd4263602579bb4a615","status":"affected","versionType":"git"},{"version":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a","lessThan":"80d7dc15805a93d520a249ac6d13d4f4df161c1b","status":"affected","versionType":"git"},{"version":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a","lessThan":"5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17","status":"affected","versionType":"git"},{"version":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a","lessThan":"401239811fa728fcdd53e360a91f157ffd23e1f4","status":"affected","versionType":"git"},{"version":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a","lessThan":"3734d78210cceb2ee5615719a62a5c55ed381ff8","status":"affected","versionType":"git"},{"version":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a","lessThan":"6a1bcab67bea797d83aa9dd948a0ac6ed52d121d","status":"affected","versionType":"git"},{"version":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a","lessThan":"209fd720838aaf1420416494c5505096478156b4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/vmw_vsock/af_vsock.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"5.10.240","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.189","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.146","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.99","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.39","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.7","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.240"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.1.146"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.6.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.12.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.15.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c5496ee685c48ed1cc183cd4263602579bb4a615"},{"url":"https://git.kernel.org/stable/c/80d7dc15805a93d520a249ac6d13d4f4df161c1b"},{"url":"https://git.kernel.org/stable/c/5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17"},{"url":"https://git.kernel.org/stable/c/401239811fa728fcdd53e360a91f157ffd23e1f4"},{"url":"https://git.kernel.org/stable/c/3734d78210cceb2ee5615719a62a5c55ed381ff8"},{"url":"https://git.kernel.org/stable/c/6a1bcab67bea797d83aa9dd948a0ac6ed52d121d"},{"url":"https://git.kernel.org/stable/c/209fd720838aaf1420416494c5505096478156b4"}],"title":"vsock: Fix transport_{g2h,h2g} TOCTOU","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:38:23.677Z"}}]}}