CVE-2024-44996

Summary

In the Linux kernel, the following vulnerability has been resolved:

vsock: fix recursive ->recvmsg calls

After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen:

vsock_bpf_recvmsg() -> __vsock_recvmsg() -> vsock_connectible_recvmsg() -> prot->recvmsg() -> vsock_bpf_recvmsg() again

We need to fix it by calling the original ->recvmsg() without any BPF sockmap logic in __vsock_recvmsg().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux634f1a7110b439c65fd8a809171c1d2d28bcea6f < 921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5affected
LinuxLinux634f1a7110b439c65fd8a809171c1d2d28bcea6f < b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135affected
LinuxLinux634f1a7110b439c65fd8a809171c1d2d28bcea6f < 69139d2919dd4aa9a553c8245e7c63e82613e3fcaffected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.48 <= 6.6.*unaffected
LinuxLinux6.10.7 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References