Memory Initialization Flaw in Linux Kernel's Transport Packet Handling
CVE-2025-38403

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38403?

A significant security concern has been identified in the Linux kernel related to the handling of vmci transport packets. The vulnerability arises from the improper initialization of the transport packet structure, which can leave residual uninitialized data. This oversight can potentially expose sensitive information to unauthorized users, highlighting the importance of clear memory operations before data assignment. To mitigate this issue, the initialization function now employs memset to zero out the transport packet, ensuring that all fields are properly populated and devoid of residual data.

Affected Version(s)

Linux d021c344051af91f42c5ba9fdedc176740cbd238 < 19c2cc01ff9a8031398a802676ffb0f4692dd95d

Linux d021c344051af91f42c5ba9fdedc176740cbd238 < 1c1bcb0e78230f533b4103e8cf271d17c3f469f0

Linux d021c344051af91f42c5ba9fdedc176740cbd238 < 2d44723a091bc853272e1a51a488a3d22b80be5e

References

https://git.kernel.org/stable/c/19c2cc01ff9a8031398a80267...

https://git.kernel.org/stable/c/1c1bcb0e78230f533b4103e8c...

https://git.kernel.org/stable/c/2d44723a091bc853272e1a51a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025