CVE-2025-38461

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38461
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38461.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38461
Published
2025-07-25T15:27:39.322Z
Modified
2025-11-28T02:35:45.354732Z
Summary
vsock: Fix transport_* TOCTOU
Details

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_* TOCTOU

Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer.

This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert.

BUG: unable to handle page fault for address: fffffbfff8056000
Oops: Oops: 0000 [#1] SMP KASAN
RIP: 0010:vsock_assign_transport+0x366/0x600
Call Trace:
 vsock_connect+0x59c/0xc40
 __sys_connect+0xe8/0x100
 __x64_sys_connect+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38461.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c0cfa2d8a788fcf45df5bf4070ab2474c88d543a
Fixed
8667e8d0eb46bc54fdae30ba2f4786407d3d88eb
Fixed
36a439049b34cca0b3661276049b84a1f76cc21a
Fixed
9ce53e744f18e73059d3124070e960f3aa9902bf
Fixed
9d24bb6780282b0255b9929abe5e8f98007e2c6e
Fixed
ae2c712ba39c7007de63cb0c75b51ce1caaf1da5
Fixed
7b73bddf54777fb62d4d8c7729d0affe6df04477
Fixed
687aa0c5581b8d4aa87fd92973e4ee576b550cdf

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  5.5.0       5.10.240
ECOSYSTEM  5.11.0      5.15.189
ECOSYSTEM  5.16.0      6.1.146
ECOSYSTEM  6.2.0       6.6.99
ECOSYSTEM  6.7.0       6.12.39
ECOSYSTEM  6.13.0      6.15.7