CVE-2025-38611 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025081923-CVE-2025-38611-e9f6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38611
https://www.cve.org/CVERecord?id=CVE-2025-38611

History

Fri, 05 Sep 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://git.kernel.org/stable/c/2c86366ce37f398e20fa09e7e9dc8788fbf6cf0c https://git.kernel.org/stable/c/6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee https://git.kernel.org/stable/c/7624fe66a0832eb6fe4e465fcdd4f9104fb9b339 https://git.kernel.org/stable/c/87f8f8654e55cf9327cc63746595085a041699dc https://git.kernel.org/stable/c/94112b0d443e0b6b5bb17854f97c1498064cc9ed https://git.kernel.org/stable/c/a85dc83857497fa1f68a9b23e7213949d4cb51ea https://git.kernel.org/stable/c/b097d921efb5bb150066365287ff046b8c8b29f5 https://git.kernel.org/stable/c/bfb4cf9fb97e4063f0aa62e9e398025fb6625031 https://git.kernel.org/stable/c/bfd6b211fe8aae79acbedd19e8d5bea5d062a41b

Fri, 05 Sep 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmci_datagram_dispatch() to send events to all vm contexts. This affects the datagram taken from the datagram queue of its context by another task, because the datagram payload is not initialized according to the size payload_size, which causes the kernel data to leak to the user space. Before dispatching the datagram, and before setting the payload content, explicitly set the payload content to 0 to avoid data leakage caused by incomplete payload initialization.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	vmci: Prevent the dispatching of uninitialized payloads	kernel: vmci: Prevent the dispatching of uninitialized payloads

Thu, 28 Aug 2025 15:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/2c86366ce37f398e20fa09e7e9dc8788fbf6cf0c https://git.kernel.org/stable/c/a85dc83857497fa1f68a9b23e7213949d4cb51ea https://git.kernel.org/stable/c/b097d921efb5bb150066365287ff046b8c8b29f5

Thu, 21 Aug 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Wed, 20 Aug 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025081923-CVE-2025-38611-e9f6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38611 https://www.cve.org/CVERecord?id=CVE-2025-38611
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Tue, 19 Aug 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmci_datagram_dispatch() to send events to all vm contexts. This affects the datagram taken from the datagram queue of its context by another task, because the datagram payload is not initialized according to the size payload_size, which causes the kernel data to leak to the user space. Before dispatching the datagram, and before setting the payload content, explicitly set the payload content to 0 to avoid data leakage caused by incomplete payload initialization.
Title		vmci: Prevent the dispatching of uninitialized payloads
References		https://git.kernel.org/stable/c/6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee https://git.kernel.org/stable/c/7624fe66a0832eb6fe4e465fcdd4f9104fb9b339 https://git.kernel.org/stable/c/87f8f8654e55cf9327cc63746595085a041699dc https://git.kernel.org/stable/c/94112b0d443e0b6b5bb17854f97c1498064cc9ed https://git.kernel.org/stable/c/bfb4cf9fb97e4063f0aa62e9e398025fb6625031 https://git.kernel.org/stable/c/bfd6b211fe8aae79acbedd19e8d5bea5d062a41b

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-08-19T17:03:53.978Z

Updated: 2025-09-05T19:57:43.346Z

Reserved: 2025-04-16T04:51:24.029Z

Link: CVE-2025-38611

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-08-19T17:15:39.633

Modified: 2025-09-05T20:15:34.917

Link: CVE-2025-38611

Redhat

Severity : Moderate

Publid Date: 2025-08-19T00:00:00Z

Links: CVE-2025-38611 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object