Concurrency Vulnerability in Linux Kernel vsock Transport Mechanism
CVE-2025-38461
What is CVE-2025-38461?
A concurrency vulnerability exists in the Linux kernel's vsock transport mechanism, where a race condition may occur during transport assignment. The race arises when a transport assignment conflicts with module unloading, potentially leading to a stale pointer. Additionally, an insecure function call in vsock_use_local_transport() leads to a page fault. The vulnerability highlights the importance of proper locking mechanisms to prevent such race conditions and ensure the reliability of kernel operations.
Affected Version(s)
Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 8667e8d0eb46bc54fdae30ba2f4786407d3d88eb
Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 36a439049b34cca0b3661276049b84a1f76cc21a
Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 9ce53e744f18e73059d3124070e960f3aa9902bf