#VU111646 Race condition within a thread in Linux kernel - CVE-2025-38048
Published: June 20, 2025
Vulnerability identifier: #VU111646
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38048
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the virtqueue_enable_cb_delayed() function in drivers/virtio/virtio_ring.c. A local user can corrupt data.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2
- https://git.kernel.org/stable/c/2e2f925fe737576df2373931c95e1a2b66efdfef
- https://git.kernel.org/stable/c/4ed8f0e808b3fcc71c5b8be7902d8738ed595b17
- https://git.kernel.org/stable/c/b49b5132e4c7307599492aee1cdc6d89f7f2a7da
- https://git.kernel.org/stable/c/b6d6419548286b2b9d2b90df824d3cab797f6ae8
- https://git.kernel.org/stable/c/b730cb109633c455ce8a7cd6934986c6a16d88d8