CVE-2022-48786
vsock: remove vsock from connected table when connect is interrupted by a signal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
vsock: remove vsock from connected table when connect is interrupted by a signal
vsock_connect() expects that the socket could already be in the
TCP_ESTABLISHED state when the connecting task wakes up with a signal
pending. If this happens the socket will be in the connected table, and
it is not removed when the socket state is reset. In this situation it's
common for the process to retry connect(), and if the connection is
successful the socket will be added to the connected table a second
time, corrupting the list.
Prevent this by calling vsock_remove_connected() if a signal is received
while waiting for a connection. This is harmless if the socket is not in
the connected table, and if it is in the table then removing it will
prevent list corruption from a double add.
Note for backporting: this patch requires d5afa82c977e ("vsock: correct
removal of socket from the list"), which is in all current stable trees
except 4.9.y.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-16 CVE Reserved
- 2024-07-16 CVE Published
- 2024-07-17 EPSS Updated
- 2024-11-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-371: State Issues
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-48786 | 2024-09-24 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2298122 | 2024-09-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 4.9.303 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 4.9.303" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 4.14.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 4.14.268" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 4.19.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 4.19.231" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.4.181 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.4.181" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.10.102 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.10.102" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.15.25 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.15.25" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.16.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.16.11" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.17" | en |
Affected
| ||||||