CVE-2025-38403

Summary

In the Linux kernel, the following vulnerability has been resolved:

vsock/vmci: Clear the vmci transport packet properly when initializing it

In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < 19c2cc01ff9a8031398a802676ffb0f4692dd95daffected
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < 1c1bcb0e78230f533b4103e8cf271d17c3f469f0affected
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < 2d44723a091bc853272e1a51a488a3d22b80be5eaffected
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < 0a01021317375b8d1895152f544421ce49299eb1affected
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < 94d0c326cb3ee6b0f8bd00e209550b93fcc5c839affected
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < 75705b44e0b9aaa74f4c163d93d388bcba9e386aaffected
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < e9a673153d578fd439919a24e99851b2f87ecbceaffected
LinuxLinuxd021c344051af91f42c5ba9fdedc176740cbd238 < 223e2288f4b8c262a864e2c03964ffac91744cd5affected
LinuxLinux3.9affected
LinuxLinux0 < 3.9unaffected
LinuxLinux5.4.296 <= 5.4.*unaffected
LinuxLinux5.10.240 <= 5.10.*unaffected
LinuxLinux5.15.187 <= 5.15.*unaffected
LinuxLinux6.1.144 <= 6.1.*unaffected
LinuxLinux6.6.97 <= 6.6.*unaffected
LinuxLinux6.12.37 <= 6.12.*unaffected
LinuxLinux6.15.6 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References