vulnerability

Debian: CVE-2025-38462: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:M/Au:S/C:N/I:N/A:C)	Jul 28, 2025	Jul 28, 2025	Dec 24, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:N/I:N/A:C)

Published

Jul 28, 2025

Added

Jul 28, 2025

Modified

Dec 24, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_{g2h,h2g} TOCTOU

vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.
transport_{g2h,h2g} may become NULL after the NULL check.

Introduce vsock_transport_local_cid() to protect from a potential
null-ptr-deref.

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_find_cid+0x47/0x90
Call Trace:
__vsock_bind+0x4b2/0x720
vsock_bind+0x90/0xe0
__sys_bind+0x14d/0x1e0
__x64_sys_bind+0x6e/0xc0
do_syscall_64+0x92/0x1c0
entry_SYSCALL_64_after_hwframe+0x4b/0x53

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0
Call Trace:
__x64_sys_ioctl+0x12d/0x190
do_syscall_64+0x92/0x1c0
entry_SYSCALL_64_after_hwframe+0x4b/0x53

Solutions

debian-upgrade-linuxdebian-upgrade-linux-6-1no-fix-debian-deb-package

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today