CVE-2022-48786

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/07/2024
Last modified:
03/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock: remove vsock from connected table when connect is interrupted by a signal

vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a signal pending. If this happens the socket will be in the connected table, and it is not removed when the socket state is reset. In this situation it's common for the process to retry connect(), and if the connection is successful the socket will be added to the connected table a second time, corrupting the list.

Prevent this by calling vsock_remove_connected() if a signal is received while waiting for a connection. This is harmless if the socket is not in the connected table, and if it is in the table then removing it will prevent list corruption from a double add.

Note for backporting: this patch requires d5afa82c977e ("vsock: correct removal of socket from the list"), which is in all current stable trees except 4.9.y.
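
The double add described above, reproduced in a user-space model as an added example (not kernel code and not part of this advisory). The names `model_sock`, `table_check`, `remove_connected` and `interrupted_then_retry` are hypothetical, and the list helpers are simplified copies of the kernel's circular list primitives without its debug checks.

```c
#include <stdio.h>

/* Minimal user-space copy of the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *n) { n->next = n->prev = n; }
static int list_empty(const struct list_head *n) { return n->next == n; }
static void list_add(struct list_head *n, struct list_head *head) {
    struct list_head *next = head->next;
    next->prev = n; n->next = next; n->prev = head; head->next = n;
}
static void list_del_init(struct list_head *n) {
    n->next->prev = n->prev; n->prev->next = n->next; list_init(n);
}

/* Hypothetical stand-in for a vsock socket: only the table linkage. */
struct model_sock { struct list_head connected_table; };

/* Walk the table; return the entry count, or -1 if links are inconsistent. */
static int table_check(const struct list_head *head) {
    int count = 0;
    for (const struct list_head *n = head->next; n != head; n = n->next) {
        if (n->next->prev != n || ++count > 16) return -1;
    }
    return head->next->prev == head ? count : -1;
}

/* Models the removal the fix adds: a no-op if the socket is not linked. */
static void remove_connected(struct model_sock *s) {
    if (!list_empty(&s->connected_table)) list_del_init(&s->connected_table);
}

/* The socket reaches the connected table, a signal interrupts the waiter,
 * and the caller retries connect(). Returns the table_check() result. */
static int interrupted_then_retry(int with_fix) {
    struct list_head table; struct model_sock peer, s;
    list_init(&table); list_init(&peer.connected_table); list_init(&s.connected_table);
    list_add(&peer.connected_table, &table);   /* unrelated connection */
    list_add(&s.connected_table, &table);      /* established before wake-up */
    if (with_fix) remove_connected(&s);        /* removal on the signal path */
    list_add(&s.connected_table, &table);      /* retried connect() succeeds */
    return table_check(&table);
}

int main(void) {
    printf("without removal: %d\n", interrupted_then_retry(0));
    printf("with removal:    %d\n", interrupted_then_retry(1));
    return 0;
}
```

Without the removal the second `list_add` leaves the socket's node pointing at itself and drops the unrelated entry from forward traversal, so the check returns -1; with the removal the table holds both entries.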

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.9 (including) 4.9.303 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 4.14.268 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.231 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.181 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.102 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.25 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.11 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*