CVE-2024-43873 Information

Aug 22, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

vhost/vsock: always initialize seqpacket_allow

There are two issues around seqpacket_allow:

  1. seqpacket_allow is not initialized when socket is created. Thus if features are never set it will be read uninitialized.
  2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared then seqpacket_allow will not be cleared appropriately (existing apps I know about don’t usually do this but it’s legal and there’s no way to be sure no one relies on this).

To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features

Reference

https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582 https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22

Share on: