SB2025072733 - NULL pointer dereference in Linux kernel vmw_vsock
Published: July 27, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38462)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the vsock_assign_transport() and vsock_dev_do_ioctl() functions in net/vmw_vsock/af_vsock.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/209fd720838aaf1420416494c5505096478156b4
- https://git.kernel.org/stable/c/3734d78210cceb2ee5615719a62a5c55ed381ff8
- https://git.kernel.org/stable/c/401239811fa728fcdd53e360a91f157ffd23e1f4
- https://git.kernel.org/stable/c/5752d8dbb3dfd7f1a9faf0f65377e60826ea9a17
- https://git.kernel.org/stable/c/6a1bcab67bea797d83aa9dd948a0ac6ed52d121d
- https://git.kernel.org/stable/c/80d7dc15805a93d520a249ac6d13d4f4df161c1b
- https://git.kernel.org/stable/c/c5496ee685c48ed1cc183cd4263602579bb4a615