{"id":"CVE-2025-38462","summary":"vsock: Fix transport_{g2h,h2g} TOCTOU","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Fix transport_{g2h,h2g} TOCTOU\n\nvsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.\ntransport_{g2h,h2g} may become NULL after the NULL check.\n\nIntroduce vsock_transport_local_cid() to protect from a potential\nnull-ptr-deref.\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_find_cid+0x47/0x90\nCall Trace:\n __vsock_bind+0x4b2/0x720\n vsock_bind+0x90/0xe0\n __sys_bind+0x14d/0x1e0\n __x64_sys_bind+0x6e/0xc0\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nKASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\nRIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0\nCall Trace:\n __x64_sys_ioctl+0x12d/0x190\n do_syscall_64+0x92/0x1c0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53","modified":"2026-03-20T12:42:52.246234Z","published":"2025-07-25T15:27:45.168Z","related":["MGASA-2025-0218","MGASA-2025-0219","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38462.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/209fd720838aaf1420416494c5505096478156b4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3734d78210cceb2ee5615719a62a5c55ed381ff8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/401239811fa728fcdd53e360a91f157ffd23e1f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6a1bcab67bea797d83aa9dd948a0ac6ed52d121d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/80d7dc15805a93d520a249ac6d13d4f4df161c1b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c5496ee685c48ed1cc183cd4263602579bb4a615"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38462.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38462"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c0cfa2d8a788fcf45df5bf4070ab2474c88d543a"},{"fixed":"c5496ee685c48ed1cc183cd4263602579bb4a615"},{"fixed":"80d7dc15805a93d520a249ac6d13d4f4df161c1b"},{"fixed":"5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17"},{"fixed":"401239811fa728fcdd53e360a91f157ffd23e1f4"},{"fixed":"3734d78210cceb2ee5615719a62a5c55ed381ff8"},{"fixed":"6a1bcab67bea797d83aa9dd948a0ac6ed52d121d"},{"fixed":"209fd720838aaf1420416494c5505096478156b4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38462.json"}}],"schema_version":"1.7.5"}