CVE-2025-38462

MEDIUM

Linux Kernel < 5.10.240 - TOCTOU Race Condition

Title source: rule
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_{g2h,h2g} TOCTOU vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload. transport_{g2h,h2g} may become NULL after the NULL check. Introduce vsock_transport_local_cid() to protect from a potential null-ptr-deref. KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_find_cid+0x47/0x90 Call Trace: __vsock_bind+0x4b2/0x720 vsock_bind+0x90/0xe0 __sys_bind+0x14d/0x1e0 __x64_sys_bind+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0 Call Trace: __x64_sys_ioctl+0x12d/0x190 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

References (9)

Scores

CVSS v3 4.7
EPSS 0.0002
EPSS Percentile 5.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-367
Status published
Products (9)
debian/debian_linux 11.0
linux/Kernel 5.11.0 - 5.15.189linux
linux/Kernel 5.16.0 - 6.1.146linux
linux/Kernel 5.5.0 - 5.10.240linux
linux/Kernel 6.13.0 - 6.15.7linux
linux/Kernel 6.2.0 - 6.6.99linux
linux/Kernel 6.7.0 - 6.12.39linux
linux/linux_kernel 6.16 rc1 (5 CPE variants)
linux/linux_kernel 5.5 - 5.10.240
Published Jul 25, 2025
Tracked Since Feb 18, 2026