CVE-2024-43873

Summary

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: always initialize seqpacket_allow

There are two issues around seqpacket_allow:

  1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized.
  2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this).

To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxced7b713711fdd8f99d8d04dc53451441d194c60 < ea558f10fb05a6503c6e655a1b7d81fdf8e5924caffected
LinuxLinuxced7b713711fdd8f99d8d04dc53451441d194c60 < 3062cb100787a9ddf45de30004b962035cd497fbaffected
LinuxLinuxced7b713711fdd8f99d8d04dc53451441d194c60 < 30bd4593669443ac58515e23557dc8cef70d8582affected
LinuxLinuxced7b713711fdd8f99d8d04dc53451441d194c60 < eab96e8716cbfc2834b54f71cc9501ad4eec963baffected
LinuxLinuxced7b713711fdd8f99d8d04dc53451441d194c60 < 1e1fdcbdde3b7663e5d8faeb2245b9b151417d22affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References