{
  "threat_severity" : "Moderate",
  "public_date" : "2025-07-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: vsock: Fix transport_* TOCTOU",
    "id" : "2383513",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2383513"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-664",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nvsock: Fix transport_* TOCTOU\nTransport assignment may race with module unload. Protect new_transport\nfrom becoming a stale pointer.\nThis also takes care of an insecure call in vsock_use_local_transport();\nadd a lockdep assert.\nBUG: unable to handle page fault for address: fffffbfff8056000\nOops: Oops: 0000 [#1] SMP KASAN\nRIP: 0010:vsock_assign_transport+0x366/0x600\nCall Trace:\nvsock_connect+0x59c/0xc40\n__sys_connect+0xe8/0x100\n__x64_sys_connect+0x6e/0xc0\ndo_syscall_64+0x92/0x1c0\nentry_SYSCALL_64_after_hwframe+0x4b/0x53" ],
  "statement" : "This patch addresses a race condition in the vsock core that could lead to a use-after-free or NULL pointer dereference when assigning transports during socket initialization.\nThe vulnerability stems from a lack of synchronization between transport selection and potential module unloading, leading to stale pointers being dereferenced.\nA mutex now protects access to the transport selection logic, and reference counting ensures the module is retained during use.\nThe issue has low impact on confidentiality, but may cause a system crash, resulting in high availability impact.\nSince the problem is reachable by unprivileged users via socket operations, Privileges Required = Low (for the CVSS).\nWhile the issue is most clearly triggered during manual module unload, similar conditions can also arise from automatic module unloading, hotplug scripts, or asynchronous transport (de)registration in multi-threaded environments.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-09-02T00:00:00Z",
    "advisory" : "RHSA-2025:15005",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.30.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-09-22T00:00:00Z",
    "advisory" : "RHSA-2025:16373",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.76.1.rt7.417.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-09-22T00:00:00Z",
    "advisory" : "RHSA-2025:16372",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.76.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-10-15T00:00:00Z",
    "advisory" : "RHSA-2025:18043",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.164.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-10-15T00:00:00Z",
    "advisory" : "RHSA-2025:18043",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.164.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-10-15T00:00:00Z",
    "advisory" : "RHSA-2025:18043",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.164.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-10-22T00:00:00Z",
    "advisory" : "RHSA-2025:18932",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.116.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-10-22T00:00:00Z",
    "advisory" : "RHSA-2025:18932",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.116.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-09-02T00:00:00Z",
    "advisory" : "RHSA-2025:15011",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.39.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-09-02T00:00:00Z",
    "advisory" : "RHSA-2025:15011",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.39.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-10-01T00:00:00Z",
    "advisory" : "RHSA-2025:17159",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.148.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-10-01T00:00:00Z",
    "advisory" : "RHSA-2025:17192",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.148.1.rt21.220.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-10-01T00:00:00Z",
    "advisory" : "RHSA-2025:17122",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.140.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-10-01T00:00:00Z",
    "advisory" : "RHSA-2025:17123",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.140.1.rt14.425.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-09-25T00:00:00Z",
    "advisory" : "RHSA-2025:16669",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.91.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38461\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38461\nhttps://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38461-33b1@gregkh/T" ],
  "name" : "CVE-2025-38461",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module vsock from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}