CVE-2024-43873

vhost/vsock: always initialize seqpacket_allow

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: always initialize seqpacket_allow

There are two issues around seqpacket_allow:
1. seqpacket_allow is not initialized when socket is
created. Thus if features are never set, it will be
read uninitialized.
2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,
then seqpacket_allow will not be cleared appropriately
(existing apps I know about don't usually do this but
it's legal and there's no way to be sure no one relies
on this).

To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-17 CVE Reserved
2024-08-21 CVE Published
2024-09-04 EPSS Updated
2024-09-15 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/ced7b713711fdd8f99d8d04dc53451441d194c60	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c	2024-08-19
https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb	2024-08-03
https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582	2024-08-03
https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b	2024-08-03
https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22	2024-07-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.1.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.1.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.6.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.6.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.10.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.10.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.11"		en		Affected