2 matches found
CVE-2025-38618
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...
CVE-2025-38618
CVE-2025-38618 concerns the Linux kernel where a vsock could autobind to VMADDR_PORT_ANY, risking a use-after-free on connection to the bound socket. The fix updates __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY. Connected sources (e.g., Astra Linux, Debian LTS advisories,...