Wind River Support Network

Fixed

LIN1022-16839 : Security Advisory - linux - CVE-2025-38462

Created: Jul 28, 2025    Updated: Aug 28, 2025
Resolved Date: Aug 28, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_{g2h,h2g} TOCTOU

vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload.
transport_{g2h,h2g} may become NULL after the NULL check.

Introduce vsock_transport_local_cid() to protect from a potential
null-ptr-deref.

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_find_cid+0x47/0x90
Call Trace:
 __vsock_bind+0x4b2/0x720
 vsock_bind+0x90/0xe0
 __sys_bind+0x14d/0x1e0
 __x64_sys_bind+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]
RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0
Call Trace:
 __x64_sys_ioctl+0x12d/0x190
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
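
A userspace model of the check-then-use race described above, next to an accessor that does the NULL check and the call in one critical section. This is an added example, not the kernel patch or Wind River code. All names (`model_unregister`, `local_cid_racy`, `local_cid_locked`, `CID_FAULT`, the `atomic_flag` lock) are hypothetical, and the `window` callback stands in for a module unload landing between the check and the call.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

#define CID_ANY   0xFFFFFFFFu   /* model value: no transport registered */
#define CID_FAULT 0xDEADDEADu   /* model value: a NULL pointer would be dereferenced here */

struct transport { uint32_t (*get_local_cid)(void); };
static uint32_t demo_cid(void) { return 42; }        /* constructed sample CID */
static const struct transport demo = { demo_cid };
static const struct transport *transport_g2h;        /* NULL = module not loaded */
static atomic_flag reg_lock = ATOMIC_FLAG_INIT;      /* stand-in for the registration lock */

void model_register(void) { transport_g2h = &demo; }

/* Module unload: clears the pointer only while holding the lock.
 * Returns 1 if the pointer was cleared, 0 if a reader holds the lock. */
int model_unregister(void)
{
    if (atomic_flag_test_and_set(&reg_lock))
        return 0;
    transport_g2h = NULL;
    atomic_flag_clear(&reg_lock);
    return 1;
}

/* Racy shape: the NULL check and the call are separate, unlocked reads. */
uint32_t local_cid_racy(int (*window)(void))
{
    if (!transport_g2h)
        return CID_ANY;
    if (window)
        window();                      /* unload lands after the check */
    if (!transport_g2h)
        return CID_FAULT;              /* the real code would dereference NULL here */
    return transport_g2h->get_local_cid();
}

/* Hardened shape: check and call share one critical section. */
uint32_t local_cid_locked(int (*window)(void))
{
    uint32_t cid = CID_ANY;
    while (atomic_flag_test_and_set(&reg_lock))
        ;                              /* spin until the lock is free */
    if (transport_g2h) {
        if (window)
            window();                  /* unload attempt is refused: lock is held */
        cid = transport_g2h->get_local_cid();
    }
    atomic_flag_clear(&reg_lock);
    return cid;
}
```
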

CREATE(Triage):(User=admin) [CVE-2025-38462 (https://nvd.nist.gov/vuln/detail/CVE-2025-38462)]