CVE-2025-38403

HIGH · EPSS 7.8%
CVSS 3.1: 7.8 (High)
Published Jul 25, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock/vmci: Clear the vmci transport packet properly when initializing it

In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 7.8% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 12

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.9 – <5.4.296
linux    linux_kernel   *         ≥5.5 – <5.10.240
linux    linux_kernel   *         ≥5.11 – <5.15.187
linux    linux_kernel   *         ≥5.16 – <6.1.144
linux    linux_kernel   *         ≥6.2 – <6.6.97
linux    linux_kernel   *         ≥6.7 – <6.12.37
linux    linux_kernel   *         ≥6.13 – <6.15.6
linux    linux_kernel   6.16      any
linux    linux_kernel   6.16      any
linux    linux_kernel   6.16      any
linux    linux_kernel   6.16      any
debian   debian_linux   11.0      any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/0a01021317375b8d1895152f544421ce49299eb1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/19c2cc01ff9a8031398a802676ffb0f4692dd95d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1c1bcb0e78230f533b4103e8cf271d17c3f469f0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/223e2288f4b8c262a864e2c03964ffac91744cd5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2d44723a091bc853272e1a51a488a3d22b80be5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/75705b44e0b9aaa74f4c163d93d388bcba9e386a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94d0c326cb3ee6b0f8bd00e209550b93fcc5c839
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9a673153d578fd439919a24e99851b2f87ecbce
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0a01021317375b8d1895152f544421ce49299eb1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/19c2cc01ff9a8031398a802676ffb0f4692dd95d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1c1bcb0e78230f533b4103e8cf271d17c3f469f0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/223e2288f4b8c262a864e2c03964ffac91744cd5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2d44723a091bc853272e1a51a488a3d22b80be5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/75705b44e0b9aaa74f4c163d93d388bcba9e386a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94d0c326cb3ee6b0f8bd00e209550b93fcc5c839
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9a673153d578fd439919a24e99851b2f87ecbce
    Patch