CVE-2025-38403

Advisory lineage Upstream: 0 Downstream: 58
Analyzed
Published: 25 Jul 2025, 13:08
Last modified: 11 May 2026, 21:27

Vulnerability Summary

  • Overall Risk (default): medium, 31/100
  • CVSS Score: 7.8 HIGH, v3.1 (nvd)
  • EPSS Score: 0.06% LOW, 0% probability +0.04%
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 25 Jul 2025, 13:08: Published. Vulnerability first disclosed
  • 11 May 2026, 21:27: Last Modified. Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock/vmci: Clear the vmci transport packet properly when initializing it

In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure.

CVSS Metrics

  • v3.1, HIGH, Score: 7.8, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.06% Percentile: 19%

Affected Systems

  • debian / debian_linux

    11.0

  • linux / linux

    ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < 19c2cc01ff9a8031398a802676ffb0f4692dd95d | ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < 1c1bcb0e78230f533b4103e8cf271d17c3f469f0 | ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < 2d44723a091bc853272e1a51a488a3d22b80be5e | ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < 0a01021317375b8d1895152f544421ce49299eb1 | ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < 94d0c326cb3ee6b0f8bd00e209550b93fcc5c839 | ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < 75705b44e0b9aaa74f4c163d93d388bcba9e386a | ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < e9a673153d578fd439919a24e99851b2f87ecbce | ≥ d021c344051af91f42c5ba9fdedc176740cbd238, < 223e2288f4b8c262a864e2c03964ffac91744cd5 | 3.9

  • linux / linux_kernel

    ≥ 3.9, < 5.4.296 | ≥ 5.5, < 5.10.240 | ≥ 5.11, < 5.15.187 | ≥ 5.16, < 6.1.144 | ≥ 6.2, < 6.6.97 | ≥ 6.7, < 6.12.37 | ≥ 6.13, < 6.15.6 | 6.16:rc1 | 6.16:rc2 | 6.16:rc3 | 6.16:rc4

References (10)