CVE-2025-38618

HIGH

Linux Kernel - Use-After-Free in vsock Autobind to VMADDR_PORT_ANY

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.

References (11)

Core 11
Core References

Scores

CVSS v3 7.8
EPSS 0.0002
EPSS Percentile 7.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (31)
debian/debian_linux 11.0
linux/Kernel 3.9.0 - 5.4.297linux
linux/Kernel 5.11.0 - 5.15.190linux
linux/Kernel 5.16.0 - 6.1.148linux
linux/Kernel 5.5.0 - 5.10.241linux
linux/Kernel 6.13.0 - 6.15.10linux
linux/Kernel 6.16.0 - 6.16.1linux
linux/Kernel 6.2.0 - 6.6.102linux
linux/Kernel 6.7.0 - 6.12.42linux
Linux/Linux < 3.9
... and 21 more
Published Aug 22, 2025
Tracked Since Feb 18, 2026