PT-2025-16924 · Google · Kernel
Published: 2025-04-17 · Updated: 2025-07-11 · CVE-2025-1290
CVSS v3.1: 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Kernel
Base score: 8.1 (High)
**Name of the Vulnerable Software and Affected Versions:**
ChromeOS Kernel versions prior to 6.1
ChromeOS Kernel version 5.4
**Description:**
A race condition Use-After-Free vulnerability exists in the `virtio_transport_space_update` function. Concurrent allocation and freeing of the `virtio_vsock_sock` structure during an `AF_VSOCK` connect syscall can occur before a worker thread accesses it, resulting in a dangling pointer and potential kernel code execution.
**Recommendations:**
ChromeOS Kernel versions prior to 6.1: Update the Kernel to version 6.1 or later.
ChromeOS Kernel version 5.4: Update the Kernel to a newer version.