PT-2025-34364 · Linux+5 · Linux Kernel+5
Published: 2025-01-01 · Updated: 2026-05-26
CVE-2025-38618
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A flaw exists in the vsock subsystem that allows a vsock to autobind to VMADDR_PORT_ANY. This can lead to a use-after-free issue when a connection is established to the bound socket, as the socket returned by accept() has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it results in an extra reference count decrement.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Use After Free
Affected Products
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu