{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-38611", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.029Z", "datePublished": "2025-08-19T17:03:53.978Z", "dateUpdated": "2025-08-19T17:03:53.978Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-19T17:03:53.978Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: Prevent the dispatching of uninitialized payloads\n\nThe reproducer executes the host's unlocked_ioctl call in two different\ntasks. When init_context fails, the struct vmci_event_ctx is not fully\ninitialized when executing vmci_datagram_dispatch() to send events to all\nvm contexts. This affects the datagram taken from the datagram queue of\nits context by another task, because the datagram payload is not initialized\naccording to the size payload_size, which causes the kernel data to leak\nto the user space.\n\nBefore dispatching the datagram, and before setting the payload content,\nexplicitly set the payload content to 0 to avoid data leakage caused by\nincomplete payload initialization."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/vmw_vmci/vmci_context.c"], "versions": [{"version": "28d6692cd8fb2a900edba5e5983be4478756ef6f", "lessThan": "bfd6b211fe8aae79acbedd19e8d5bea5d062a41b", "status": "affected", "versionType": "git"}, {"version": "28d6692cd8fb2a900edba5e5983be4478756ef6f", "lessThan": "6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee", "status": "affected", "versionType": "git"}, {"version": "28d6692cd8fb2a900edba5e5983be4478756ef6f", "lessThan": "87f8f8654e55cf9327cc63746595085a041699dc", "status": "affected", "versionType": "git"}, {"version": "28d6692cd8fb2a900edba5e5983be4478756ef6f", "lessThan": "7624fe66a0832eb6fe4e465fcdd4f9104fb9b339", "status": "affected", "versionType": "git"}, {"version": "28d6692cd8fb2a900edba5e5983be4478756ef6f", "lessThan": "94112b0d443e0b6b5bb17854f97c1498064cc9ed", "status": "affected", "versionType": "git"}, {"version": "28d6692cd8fb2a900edba5e5983be4478756ef6f", "lessThan": "bfb4cf9fb97e4063f0aa62e9e398025fb6625031", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/vmw_vmci/vmci_context.c"], "versions": [{"version": "3.9", "status": "affected"}, {"version": "0", "lessThan": "3.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.148", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.102", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.42", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.10", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.1", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.1.148"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.6.102"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.12.42"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.15.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.16.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.17-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/bfd6b211fe8aae79acbedd19e8d5bea5d062a41b"}, {"url": "https://git.kernel.org/stable/c/6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee"}, {"url": "https://git.kernel.org/stable/c/87f8f8654e55cf9327cc63746595085a041699dc"}, {"url": "https://git.kernel.org/stable/c/7624fe66a0832eb6fe4e465fcdd4f9104fb9b339"}, {"url": "https://git.kernel.org/stable/c/94112b0d443e0b6b5bb17854f97c1498064cc9ed"}, {"url": "https://git.kernel.org/stable/c/bfb4cf9fb97e4063f0aa62e9e398025fb6625031"}], "title": "vmci: Prevent the dispatching of uninitialized payloads", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: Prevent the dispatching of uninitialized payloads\n\nThe reproducer executes the host's unlocked_ioctl call in two different\ntasks. When init_context fails, the struct vmci_event_ctx is not fully\ninitialized when executing vmci_datagram_dispatch() to send events to all\nvm contexts. This affects the datagram taken from the datagram queue of\nits context by another task, because the datagram payload is not initialized\naccording to the size payload_size, which causes the kernel data to leak\nto the user space.\n\nBefore dispatching the datagram, and before setting the payload content,\nexplicitly set the payload content to 0 to avoid data leakage caused by\nincomplete payload initialization."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vmci: Impedir el env\u00edo de payloads no inicializadas El reproductor ejecuta la llamada unlocked_ioctl del host en dos tareas diferentes. Cuando init_context falla, la estructura vmci_event_ctx no se inicializa por completo al ejecutar vmci_datagram_dispatch() para enviar eventos a todos los contextos de la m\u00e1quina virtual. Esto afecta al datagrama tomado de la cola de datagramas de su contexto por otra tarea, porque el payload del datagrama no se inicializa seg\u00fan el tama\u00f1o payload_size, lo que provoca que los datos del kernel se filtren al espacio de usuario. Antes de enviar el datagrama y antes de configurar el contenido del payload, configure expl\u00edcitamente el contenido de la carga \u00fatil a 0 para evitar la fuga de datos causada por la inicializaci\u00f3n incompleta del payload."}], "id": "CVE-2025-38611", "lastModified": "2025-08-20T14:40:17.713", "metrics": {}, "published": "2025-08-19T17:15:39.633", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7624fe66a0832eb6fe4e465fcdd4f9104fb9b339"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/87f8f8654e55cf9327cc63746595085a041699dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/94112b0d443e0b6b5bb17854f97c1498064cc9ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bfb4cf9fb97e4063f0aa62e9e398025fb6625031"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bfd6b211fe8aae79acbedd19e8d5bea5d062a41b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: vmci: Prevent the dispatching of uninitialized payloads", "id": "2389479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389479"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-38611", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38611\nhttps://lore.kernel.org/linux-cve-announce/2025081923-CVE-2025-38611-e9f6@gregkh/T"], "threat_severity": "Moderate"}