CVE-2025-38403
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-25
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-07-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38403
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's vmci transport packet initialization. The issue was that the vmci_transport_packet structure was not properly cleared before being populated, which could leave uninitialized data in the structure. The fix was to use memset to clear the packet properly during initialization to avoid any uninitialized data remaining.


How can this vulnerability impact me? :

The presence of uninitialized data in the vmci transport packet could potentially lead to unpredictable behavior or security issues, such as information leakage or instability in the Linux kernel's vmci communication. However, specific impacts are not detailed in the provided information.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart