1. Home
  2. Vulnerabilities
  3. CVE-2025-38611
0.0
NA
CVE-2025-38611
vmci: Prevent the dispatching of uninitialized payloads
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date :

Aug. 19, 2025, 5:15 p.m.

Last Modified :

Sept. 5, 2025, 8:15 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-38611 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Update the Linux kernel to prevent uninitialized payload dispatching and data leaks.
  • Ensure the Linux kernel is updated.
  • Apply the patch for vmci: Prevent uninitialized payloads.
  • Initialize datagram payloads to zero before dispatching.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-38611 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-38611 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 05, 2025

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 05, 2025

    Action Type Old Value New Value
    Changed Description In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmci_datagram_dispatch() to send events to all vm contexts. This affects the datagram taken from the datagram queue of its context by another task, because the datagram payload is not initialized according to the size payload_size, which causes the kernel data to leak to the user space. Before dispatching the datagram, and before setting the payload content, explicitly set the payload content to 0 to avoid data leakage caused by incomplete payload initialization. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed Reference kernel.org: https://git.kernel.org/stable/c/2c86366ce37f398e20fa09e7e9dc8788fbf6cf0c
    Removed Reference kernel.org: https://git.kernel.org/stable/c/6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee
    Removed Reference kernel.org: https://git.kernel.org/stable/c/7624fe66a0832eb6fe4e465fcdd4f9104fb9b339
    Removed Reference kernel.org: https://git.kernel.org/stable/c/87f8f8654e55cf9327cc63746595085a041699dc
    Removed Reference kernel.org: https://git.kernel.org/stable/c/94112b0d443e0b6b5bb17854f97c1498064cc9ed
    Removed Reference kernel.org: https://git.kernel.org/stable/c/a85dc83857497fa1f68a9b23e7213949d4cb51ea
    Removed Reference kernel.org: https://git.kernel.org/stable/c/b097d921efb5bb150066365287ff046b8c8b29f5
    Removed Reference kernel.org: https://git.kernel.org/stable/c/bfb4cf9fb97e4063f0aa62e9e398025fb6625031
    Removed Reference kernel.org: https://git.kernel.org/stable/c/bfd6b211fe8aae79acbedd19e8d5bea5d062a41b
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 28, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/2c86366ce37f398e20fa09e7e9dc8788fbf6cf0c
    Added Reference https://git.kernel.org/stable/c/a85dc83857497fa1f68a9b23e7213949d4cb51ea
    Added Reference https://git.kernel.org/stable/c/b097d921efb5bb150066365287ff046b8c8b29f5
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Aug. 19, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmci_datagram_dispatch() to send events to all vm contexts. This affects the datagram taken from the datagram queue of its context by another task, because the datagram payload is not initialized according to the size payload_size, which causes the kernel data to leak to the user space. Before dispatching the datagram, and before setting the payload content, explicitly set the payload content to 0 to avoid data leakage caused by incomplete payload initialization.
    Added Reference https://git.kernel.org/stable/c/6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee
    Added Reference https://git.kernel.org/stable/c/7624fe66a0832eb6fe4e465fcdd4f9104fb9b339
    Added Reference https://git.kernel.org/stable/c/87f8f8654e55cf9327cc63746595085a041699dc
    Added Reference https://git.kernel.org/stable/c/94112b0d443e0b6b5bb17854f97c1498064cc9ed
    Added Reference https://git.kernel.org/stable/c/bfb4cf9fb97e4063f0aa62e9e398025fb6625031
    Added Reference https://git.kernel.org/stable/c/bfd6b211fe8aae79acbedd19e8d5bea5d062a41b
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.