CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert. BUG: unable to handle page fault for address: fffffbfff8056000 Oops: Oops: 0000 [#1] SMP KASAN RIP: 0010:vsock_assign_transport+0x366/0x600 Call Trace: vsock_connect+0x59c/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/36a439049b34cca0b3661276049b84a1f76cc21a	Patch
https://git.kernel.org/stable/c/687aa0c5581b8d4aa87fd92973e4ee576b550cdf	Patch
https://git.kernel.org/stable/c/7b73bddf54777fb62d4d8c7729d0affe6df04477	Patch
https://git.kernel.org/stable/c/8667e8d0eb46bc54fdae30ba2f4786407d3d88eb	Patch
https://git.kernel.org/stable/c/9ce53e744f18e73059d3124070e960f3aa9902bf	Patch
https://git.kernel.org/stable/c/9d24bb6780282b0255b9929abe5e8f98007e2c6e	Patch
https://git.kernel.org/stable/c/ae2c712ba39c7007de63cb0c75b51ce1caaf1da5	Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc5::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

22 Dec 2025, 21:52

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
First Time		Linux Debian Debian debian Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/36a439049b34cca0b3661276049b84a1f76cc21a -~~	() https://git.kernel.org/stable/c/36a439049b34cca0b3661276049b84a1f76cc21a - Patch
References	~~() https://git.kernel.org/stable/c/687aa0c5581b8d4aa87fd92973e4ee576b550cdf -~~	() https://git.kernel.org/stable/c/687aa0c5581b8d4aa87fd92973e4ee576b550cdf - Patch
References	~~() https://git.kernel.org/stable/c/7b73bddf54777fb62d4d8c7729d0affe6df04477 -~~	() https://git.kernel.org/stable/c/7b73bddf54777fb62d4d8c7729d0affe6df04477 - Patch
References	~~() https://git.kernel.org/stable/c/8667e8d0eb46bc54fdae30ba2f4786407d3d88eb -~~	() https://git.kernel.org/stable/c/8667e8d0eb46bc54fdae30ba2f4786407d3d88eb - Patch
References	~~() https://git.kernel.org/stable/c/9ce53e744f18e73059d3124070e960f3aa9902bf -~~	() https://git.kernel.org/stable/c/9ce53e744f18e73059d3124070e960f3aa9902bf - Patch
References	~~() https://git.kernel.org/stable/c/9d24bb6780282b0255b9929abe5e8f98007e2c6e -~~	() https://git.kernel.org/stable/c/9d24bb6780282b0255b9929abe5e8f98007e2c6e - Patch
References	~~() https://git.kernel.org/stable/c/ae2c712ba39c7007de63cb0c75b51ce1caaf1da5 -~~	() https://git.kernel.org/stable/c/ae2c712ba39c7007de63cb0c75b51ce1caaf1da5 - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -~~	() https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html - Third Party Advisory
CPE		cpe:2.3:o:linux:linux_kernel:6.16:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel:6.16:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.16:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.16:rc4::::::
CWE		CWE-367

03 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html - () https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html -

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: Se corrige la asignación de transporte transport_* TOCTOU que podría competir con la descarga del módulo. Se evita que new_transport se convierta en un puntero obsoleto. Esto también soluciona una llamada insegura en vsock_use_local_transport(); se añade una aserción lockdep. BUG: unable to handle page fault for address: fffffbfff8056000 Oops: Oops: 0000 [#1] SMP KASAN RIP: 0010:vsock_assign_transport+0x366/0x600 Call Trace: vsock_connect+0x59c/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

25 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-25 16:15

Updated : 2025-12-22 21:52

NVD link : CVE-2025-38461

Mitre link : CVE-2025-38461

CVE.ORG link : CVE-2025-38461

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

4.7 /10