{"id":"ASB-A-439253642","details":"In __vsock_bind_connectible of af_vsock.c, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-439253642","CVE-2025-38618"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2026-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2026-03-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/f6266e6d89233aa417e1c684c10102ef1b966ee5"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/1ccd273c6de4baef8a0a70971bfa3c8e69fc71d9"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/31fc378e731204bbc3a556beb8e10d2a46e4c774"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2026-03-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","id":"ASB-A-439253642-2290d8ab","target":{"file":"net/vmw_vsock/af_vsock.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["313398479619233335172454491864747162399","17705837403744105389398506657096709059","297942217469772507644689495074536641396","97959202599283798676745410015723520173"]},"source":"https://android.googlesource.com/kernel/common/+/1ccd273c6de4baef8a0a70971bfa3c8e69fc71d9"},{"signature_type":"Function","target":{"function":"__vsock_bind_connectible","file":"net/vmw_vsock/af_vsock.c"},"id":"ASB-A-439253642-7fdd59f4","signature_version":"v1","deprecated":false,"digest":{"function_hash":"317819182487369943827217752273956802274","length":887},"source":"https://android.googlesource.com/kernel/common/+/f6266e6d89233aa417e1c684c10102ef1b966ee5"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-439253642-8909ad5f","target":{"function":"__vsock_bind_connectible","file":"net/vmw_vsock/af_vsock.c"},"deprecated":false,"digest":{"function_hash":"169002310476267520799577327237012848551","length":852},"source":"https://android.googlesource.com/kernel/common/+/1ccd273c6de4baef8a0a70971bfa3c8e69fc71d9"},{"signature_type":"Line","target":{"file":"net/vmw_vsock/af_vsock.c"},"id":"ASB-A-439253642-bf2776f0","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["313398479619233335172454491864747162399","17705837403744105389398506657096709059","297942217469772507644689495074536641396","97959202599283798676745410015723520173"]},"source":"https://android.googlesource.com/kernel/common/+/f6266e6d89233aa417e1c684c10102ef1b966ee5"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-439253642-caf31f2e","target":{"file":"net/vmw_vsock/af_vsock.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["313398479619233335172454491864747162399","17705837403744105389398506657096709059","297942217469772507644689495074536641396","97959202599283798676745410015723520173"]},"source":"https://android.googlesource.com/kernel/common/+/31fc378e731204bbc3a556beb8e10d2a46e4c774"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-439253642-f7b44fce","target":{"function":"__vsock_bind_connectible","file":"net/vmw_vsock/af_vsock.c"},"deprecated":false,"digest":{"function_hash":"169002310476267520799577327237012848551","length":852},"source":"https://android.googlesource.com/kernel/common/+/31fc378e731204bbc3a556beb8e10d2a46e4c774"}],"spl":"2026-03-05","severity":"High","fixes":["https://android.googlesource.com/kernel/common/+/f6266e6d89233aa417e1c684c10102ef1b966ee5","https://android.googlesource.com/kernel/common/+/1ccd273c6de4baef8a0a70971bfa3c8e69fc71d9","https://android.googlesource.com/kernel/common/+/31fc378e731204bbc3a556beb8e10d2a46e4c774"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-439253642.json"}}],"schema_version":"1.7.5"}