CVE-2024-44996
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix recursive ->recvmsg calls
After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen:
vsock_bpf_recvmsg() -> __vsock_recvmsg() -> vsock_connectible_recvmsg() -> prot->recvmsg() -> vsock_bpf_recvmsg() again
We need to fix it by calling the original ->recvmsg() without any BPF sockmap logic in __vsock_recvmsg().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 634f1a7110b439c65fd8a809171c1d2d28bcea6f < 921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5 | affected |
| Linux | Linux | 634f1a7110b439c65fd8a809171c1d2d28bcea6f < b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135 | affected |
| Linux | Linux | 634f1a7110b439c65fd8a809171c1d2d28bcea6f < 69139d2919dd4aa9a553c8245e7c63e82613e3fc | affected |
| Linux | Linux | 6.4 | affected |
| Linux | Linux | 0 < 6.4 | unaffected |
| Linux | Linux | 6.6.48 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.7 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5
- https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135
- https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.