CVE-2025-1290

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://issues.chromium.org/issues/b/301886931", "name": "https://issues.chromium.org/issues/b/301886931", "tags": ["Broken Link"], "refsource": ""}, {"url": "https://issuetracker.google.com/issues/301886931", "name": "https://issuetracker.google.com/issues/301886931", "tags": ["Exploit", "Issue Tracking", "Mailing List"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-1290", "ASSIGNER": "chromeos-security@chromium.org"}}, "impact": {}, "publishedDate": "2025-04-17T01:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:15474.84.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-11T13:55Z"}