CVE-2025-38048

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A data-race issue has been identified in the Linux kernel, specifically in the virtio ring component. The issue occurs when accessing the event triggered variable, which can lead to a race condition between the virtqueue enable cb delayed() and virtqueue disable cb split/packed() functions. This can cause the driver to temporarily suggest that the device not send an interrupt notification when the event index is used. The estimated number of potentially affected devices worldwide is not available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Time Of Check To Time Of Use

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367CWE-362

Related Identifiers

BDU:2025-08792

CVE-2025-38048

DLA-4328-1

DSA-5973-1

ECHO-FFEB-1BB8-4869

OESA-2025-1959

OESA-2025-1960

OESA-2025-1961

USN-7704-1

USN-7704-2

USN-7704-3

USN-7704-4

USN-7704-5

USN-7711-1

USN-7712-1

USN-7712-2

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Ubuntu

CVE-2025-38048

Weakness Enumeration

Related Identifiers

Affected Products

References · 1437