{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38618","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.029Z","datePublished":"2025-08-22T13:01:24.678Z","dateUpdated":"2026-05-11T21:31:42.326Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:31:42.326Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/vmw_vsock/af_vsock.c"],"versions":[{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"c04a2c1ca25b9b23104124d3b2d349d934e302de","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"d1a5b1964cef42727668ac0d8532dae4f8c19386","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"cf86704798c1b9c46fa59dfc2d662f57d1394d79","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"f138be5d7f301fddad4e65ec66dfc3ceebf79be3","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"44bd006d5c93f6a8f28b106cbae2428c5d0275b7","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"32950b1907919be86a7a2697d6f93d57068b3865","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"8f01093646b49f6330bb2d36761983fd829472b1","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"d73960f0cf03ef1dc9e96ec7a20e538accc26d87","status":"affected","versionType":"git"},{"version":"d021c344051af91f42c5ba9fdedc176740cbd238","lessThan":"aba0c94f61ec05315fa7815d21aefa4c87f6a9f4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/vmw_vsock/af_vsock.c"],"versions":[{"version":"3.9","status":"affected"},{"version":"0","lessThan":"3.9","status":"unaffected","versionType":"semver"},{"version":"5.4.297","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.241","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.190","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.148","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.102","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.42","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.10","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.1","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"5.4.297"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"5.10.241"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"5.15.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"6.1.148"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"6.6.102"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"6.12.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"6.15.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"6.16.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de"},{"url":"https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386"},{"url":"https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79"},{"url":"https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3"},{"url":"https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7"},{"url":"https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865"},{"url":"https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1"},{"url":"https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87"},{"url":"https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4"}],"title":"vsock: Do not allow binding to VMADDR_PORT_ANY","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:40:30.483Z"}}]}}