PT-2025-16924 · Google · Kernel

Published: 2025-04-17 · Updated: 2025-07-11 · CVE-2025-1290

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Kernel versions prior to the fixed version

Description: A race condition Use-After-Free issue exists in the virtio_transport_space_update function within the Kernel on ChromeOS. This occurs due to concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall, which can result in a dangling pointer and potential kernel code execution.

Recommendations: For versions prior to the fixed version, consider applying a patch that fixes the race condition in the virtio_transport_space_update function to prevent the Use-After-Free vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2025-1290

Affected Products

Kernel