Wind River Support Network

HomeDefectsLIN1023-14270
Fixed

LIN1023-14270 : Security Advisory - linux - CVE-2025-38461

Created: Jul 27, 2025    Updated: Oct 22, 2025
Resolved Date: Oct 19, 2025
Found In Version: 10.23.30.1
Fix Version: 10.23.30.19
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]vsock: Fix transport_* TOCTOU[EOL][EOL]Transport assignment may race with module unload. Protect new_transport[EOL]from becoming a stale pointer.[EOL][EOL]This also takes care of an insecure call in vsock_use_local_transport();[EOL]add a lockdep assert.[EOL][EOL]BUG: unable to handle page fault for address: fffffbfff8056000[EOL]Oops: Oops: 0000 [#1] SMP KASAN[EOL]RIP: 0010:vsock_assign_transport+0x366/0x600[EOL]Call Trace:[EOL] vsock_connect+0x59c/0xc40[EOL] __sys_connect+0xe8/0x100[EOL] __x64_sys_connect+0x6e/0xc0[EOL] do_syscall_64+0x92/0x1c0[EOL] entry_SYSCALL_64_after_hwframe+0x4b/0x53

CREATE(Triage):(User=admin) [CVE-2025-38461 (https://nvd.nist.gov/vuln/detail/CVE-2025-38461)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube