CVE-2024-50169

CVE-2024-50169 is a Linux kernel vulnerability in virtio_vsock/rx accounting. The connected Nessus entry confirms a concrete fix: after vtock read_skb(), the kernel now updates rx_bytes via virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() to keep rx_bytes in sync with dequeued pack...

CVE-2024-50169 vsock: Update rx_bytes on read_skb()

In the Linux kernel, the following vulnerability has been resolved: vsock: Update rxbytes on readskb Make sure virtiotransportincrxpkt and virtiotransportdecrxpkt calls are balanced i.e. virtiovsocksock::rxbytes doesn't lie after vsocktransport::readskb. While here, also inform the peer that we'v...