CVE-2025-38618

In the Linux kernel, the following vulnerability has been resolved:

vsock: Do not allow binding to VMADDR_PORT_ANY

It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction).

Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.

Published: Aug 22, 2025
Updated: Jan 8, 2026
CVE: CVE-2025-38618
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	3.9	5.4.297
linux / linux_kernel	5.5	5.10.241
linux / linux_kernel	5.11	5.15.190
linux / linux_kernel	5.16	6.1.148
linux / linux_kernel	6.2	6.6.102
linux / linux_kernel	6.7	6.12.42
linux / linux_kernel	6.13	6.15.10
linux / linux_kernel	6.16	6.16.1
linux / linux_kernel	6.17-rc1	6.17-rc1.x
debian / debian_linux	11.0	11.0.x

Vulnerability Database

318,756

CVE-2025-38618

Deep Security Visibility Without the Complexity