Home

CVE-2025-38461

Description

In the Linux kernel, the following vulnerability has been resolved:vsock: Fix transport_* TOCTOUTransport assignment may race with module unload. Protect new_transportfrom becoming a stale pointer.This also takes care of an insecure call in vsock_use_local_transport();add a lockdep assert.BUG: unable to handle page fault for address: fffffbfff8056000Oops: Oops: 0000 [#1] SMP KASANRIP: 0010:vsock_assign_transport+0x366/0x600Call Trace: vsock_connect+0x59c/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Risk Information

Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.019

Associated Vulnerability

VulnerabilityOS Platform
linux security update(DSA-5973-1) DSA-5973-1 linux-cpupower_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-doc_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-doc-6.1_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-686-dbg_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-686-pae-dbg_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-cpupower_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-amd64-signed-template_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-cloud-amd64-dbg_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-i386-signed-template_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-rt-686-pae-dbg_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-rt-amd64-dbg_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-amd64-dbg_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-config-6.1_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-config-6.1_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-compiler-gcc-12-x86_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-kbuild-6.1_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower1_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower1_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower-dev_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower-dev_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 hyperv-daemons_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 hyperv-daemons_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 bpftool_7.1.0+6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-compiler-gcc-12-x86_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 usbip_2.0+6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 usbip_2.0+6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 rtla_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 rtla_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-source-6.1_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-source_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-libc-dev_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 bpftool_7.1.0+6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-libc-dev_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-perf_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-kbuild-6.1_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-perf_6.1.147-1_i386.debLinux
Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2025-38461)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234