{"id":"CVE-2025-21669","summary":"vsock/virtio: discard packets if the transport changes","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.","modified":"2026-03-20T12:40:40.796286Z","published":"2025-01-31T11:25:33.185Z","related":["SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0564-1","SUSE-SU-2025:0847-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21669.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/18a7fc371d1dbf8deff16c2dd9292bcc73f43040"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6486915fa661584d70e8e7e4068c6c075c67dd6d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/677579b641af109613564460a4e3bdcb16850b61"},{"type":"WEB","url":"https://git.kernel.org/stable/c/88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d88b249e14bd0ee1e46bbe4f456e22e01b8c68de"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21669.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21669"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a"},{"fixed":"18a7fc371d1dbf8deff16c2dd9292bcc73f43040"},{"fixed":"6486915fa661584d70e8e7e4068c6c075c67dd6d"},{"fixed":"88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee"},{"fixed":"d88b249e14bd0ee1e46bbe4f456e22e01b8c68de"},{"fixed":"677579b641af109613564460a4e3bdcb16850b61"},{"fixed":"2cb7c756f605ec02ffe562fb26828e4bcc5fdfc1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21669.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}