CVE-2025-38618
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38618
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38618.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38618
- Downstream
- Related
- Published
- 2025-08-22T14:15:46Z
- Modified
- 2025-09-06T13:01:26Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vsock: Do not allow binding to VMADDRPORTANY
It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDRPORTANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction).
Modify the check in _vsockbindconnectible() to also prevent binding to VMADDRPORT_ANY.
- References
-
- https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865
- https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7
- https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1
- https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4
- https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de
- https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79
- https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386
- https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87
- https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3