1. Home
  2. Vulnerabilities
  3. CVE-2025-38618
7.8
HIGH CVSS 3.1
CVE-2025-38618
vsock: Do not allow binding to VMADDR_PORT_ANY
Description

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.

INFO

Published Date :

Aug. 22, 2025, 2:15 p.m.

Last Modified :

Jan. 7, 2026, 4:56 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-38618 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 2 | Products : 2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
Update the kernel to prevent a use-after-free due to autobinding to VMADDR_PORT_ANY.
  • Update the Linux kernel to a patched version.
  • Modify __vsock_bind_connectible to prevent binding to VMADDR_PORT_ANY.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-38618.

URL Resource
https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865 Patch
https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7 Patch
https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1 Patch
https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4 Patch
https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de Patch
https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79 Patch
https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386 Patch
https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87 Patch
https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3 Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-38618 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-38618 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-38618 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-38618 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 07, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-416
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.148 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.190 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.241 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.16 up to (excluding) 6.16.1 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.15.10 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.42 *cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.102 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.9 up to (excluding) 5.4.297
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3 Types: Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Types: Third Party Advisory
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 03, 2025

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Added Reference https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 28, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de
    Added Reference https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79
    Added Reference https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 22, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.
    Added Reference https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865
    Added Reference https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7
    Added Reference https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1
    Added Reference https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4
    Added Reference https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87
    Added Reference https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 7.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact