DEBIAN-CVE-2025-38461

DEBIAN-CVE-2025-38461 PUBLISHED CVSS 4.699999809265137 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert. BUG: unable to handle page fault for address: fffffbfff8056000 Oops: Oops: 0000 [#1] SMP KASAN RIP: 0010:vsock_assign_transport+0x366/0x600 Call Trace: vsock_connect+0x59c/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53

Risk Scores

CVSS v3.1

4.699999809265137

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	linux	5.10.70-1, 5.10.70-1, 5.10.46-5
Debian:14	linux	6.14.3-1, 6.12.38-1, 6.12.43-1
Debian:12	linux	6.1.38-2, 6.1.76-1~bpo11+1, 6.1.69-1
Debian:13	linux	0, 6.12.38-1, 0
Debian:11	linux-6.1	6.1.106-3, 6.1.112-1, 6.1.119-1

Timeline

Jul 25, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-38461 advisory

Open in Interactive Console →