PT-2025-33809 · Linux+2 · Linux Kernel+2

Published: 2025-08-19 · Updated: 2026-05-26 · CVE-2025-38611

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the VMCI subsystem where uninitialized payloads can be dispatched. This occurs when the init_context function fails, leading to incomplete initialization of the vmci_event_ctx structure. Consequently, the vmci_datagram_dispatch() function may send events with uninitialized data to other VM contexts. This can result in kernel data leakage to user space via the datagram payload.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2026-05690
CVE-2025-38611
ECHO-3576-EECA-0922
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2118
OESA-2025-2119
OESA-2025-2120
OESA-2025-2121
OESA-2025-2122

Affected Products

Debian
Linux Kernel
Red Os