Use-After-Free Vulnerability in Linux Kernel's vsock Functionality
CVE-2025-38618

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
22 August 2025

What is CVE-2025-38618?

A vulnerability exists in the Linux kernel's vsock functionality: a socket can be bound to the port VMADDR_PORT_ANY, which can lead to a use-after-free condition when a connection is made. When a socket is bound to VMADDR_PORT_ANY, the socket returned by accept() has the same port but is not considered an unbound socket, so its reference count is managed improperly. The issue can potentially be exploited if binding is not adequately restricted. Applying updates that modify the binding checks in the vsock implementation to prevent this error is recommended.

Affected Version(s)

Linux d021c344051af91f42c5ba9fdedc176740cbd238

Timeline

  • Vulnerability published

  • Vulnerability Reserved