CVE-2025-38462
vsock: Fix transport_{g2h,h2g} TOCTOU
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
vsock: Fix transport_{g2h,h2g} TOCTOU
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_{g2h,h2g} TOCTOU vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload. transport_{g2h,h2g} may become NULL after the NULL check. Introduce vsock_transport_local_cid() to protect from a potential null-ptr-deref. KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_find_cid+0x47/0x90 Call Trace: __vsock_bind+0x4b2/0x720 vsock_bind+0x90/0xe0 __sys_bind+0x14d/0x1e0 __x64_sys_bind+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0 Call Trace: __x64_sys_ioctl+0x12d/0x190 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53
Reserved 2025-04-16 | Published 2025-07-25 | Updated 2025-07-25 | Assigner Linuxgit.kernel.org/...c/c5496ee685c48ed1cc183cd4263602579bb4a615
git.kernel.org/...c/80d7dc15805a93d520a249ac6d13d4f4df161c1b
git.kernel.org/...c/5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17
git.kernel.org/...c/401239811fa728fcdd53e360a91f157ffd23e1f4
git.kernel.org/...c/3734d78210cceb2ee5615719a62a5c55ed381ff8
git.kernel.org/...c/6a1bcab67bea797d83aa9dd948a0ac6ed52d121d
git.kernel.org/...c/209fd720838aaf1420416494c5505096478156b4
Support options
