Lucene search
LinuxVULNRICHMENT:CVE-2024-43873HistoryAug 21, 2024 - 12:06 a.m.
CVE-2024-43873 vhost/vsock: always initialize seqpacket_allow
2024-08-2100:06:25
Linux
github.com
2
linux kernel
vulnerability
cve-2024-43873
seqpacket_allow
vhost/vsock
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
There are two issues around seqpacket_allow:
- seqpacket_allow is not initialized when socket is
created. Thus if features are never set, it will be
read uninitialized. - if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,
then seqpacket_allow will not be cleared appropriately
(existing apps I know about don’t usually do this but
it’s legal and there’s no way to be sure no one relies
on this).
To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
References
git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22
git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb
git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582
git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c
git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b
Related
cvelist
cvelist
CVE-2024-43873 vhost/vsock: always initialize seqpacket_allow
2024-08-21 00:06:25
cve
cve
CVE-2024-43873
2024-08-21 01:15:11
osv
osv
CVE-2024-43873
2024-08-21 01:15:11
Security update for the Linux Kernel
2024-09-10 08:46:37
Security update for the Linux Kernel
2024-09-11 15:39:03
redhatcve
redhatcve
CVE-2024-43873
2024-08-21 19:40:19
debiancve
debiancve
CVE-2024-43873
2024-08-21 01:15:11
nvd
nvd
CVE-2024-43873
2024-08-21 01:15:11
nessus
nessus
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-709)
2024-09-09 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-051)
2024-09-09 00:00:00
Photon OS 5.0: Linux PHSA-2024-5.0-0359
2024-09-06 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0359
2024-08-28 00:00:00
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-43873