Local Denial of Service Vulnerability in Linux Kernel vsock Transport Module
CVE-2025-38462

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 July 2025

What is CVE-2025-38462?

A race condition in the Linux kernel's vsock transport module can lead to a NULL pointer dereference, causing instability during operations. The functions vsock_find_cid() and vsock_dev_do_ioctl() can race with a module unload, so critical pointers may become NULL after they have already been checked, resulting in unexpected behavior or system crashes. The vsock_transport_local_cid() function was introduced to mitigate this risk by ensuring reliable handling of local connection identifiers.
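The check-then-use pattern described above, as an added userspace model (not kernel code and not the upstream patch): the racy function re-reads a pointer after its NULL check, and the hardened one does both under a lock. Assumptions: all names here (registered, module_unload, racy_local_cid, locked_local_cid, CID_ANY) are hypothetical, and a mutex shared with the unload path is assumed as the way to close the window.

```c
/* Userspace model of the check-then-use race (constructed, not kernel code). */
#include <pthread.h>
#include <stdio.h>

#define CID_ANY 0xFFFFFFFFu              /* "no local CID" sentinel (assumed) */
struct transport { unsigned int (*get_local_cid)(void); };

static pthread_mutex_t register_mutex = PTHREAD_MUTEX_INITIALIZER;
static const struct transport *registered;   /* NULL once the module is gone */

static unsigned int demo_cid(void) { return 3; }          /* constructed CID */
static const struct transport demo_transport = { demo_cid };

static void set_registered(const struct transport *t) {
    pthread_mutex_lock(&register_mutex);
    registered = t;
    pthread_mutex_unlock(&register_mutex);
}
void module_load(void)   { set_registered(&demo_transport); }
void module_unload(void) { set_registered(NULL); }

/* Racy shape: the check and the use are separate loads with no lock held.
 * `window` stands in for whatever runs between them. Returns -1 at the
 * point where real code would have dereferenced NULL. */
long racy_local_cid(void (*window)(void)) {
    if (!registered)
        return CID_ANY;
    if (window)
        window();                              /* unload lands here */
    const struct transport *t = registered;    /* second load */
    return t ? (long)t->get_local_cid() : -1;
}

/* Hardened shape: check and use happen under the lock that unload takes. */
unsigned int locked_local_cid(void) {
    unsigned int cid = CID_ANY;
    pthread_mutex_lock(&register_mutex);
    if (registered)
        cid = registered->get_local_cid();
    pthread_mutex_unlock(&register_mutex);
    return cid;
}

int main(void) {
    module_load();
    printf("racy, unload in window: %ld\n", racy_local_cid(module_unload));
    printf("locked, after unload:   %u\n", locked_local_cid());
    return 0;
}
```

In the model the unload is injected deterministically through `window`; in a real system it arrives from another thread at an unpredictable time, which is why the NULL check alone gives no guarantee.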

Affected Version(s)

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 80d7dc15805a93d520a249ac6d13d4f4df161c1b

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17
