CVE-2022-48786

CVE-2022-48786

Título es
CVE-2022-48786

Mar, 16/07/2024 – 12:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2022-48786

Descripción en
In the Linux kernel, the following vulnerability has been resolved:

vsock: remove vsock from connected table when connect is interrupted by a signal

vsock_connect() expects that the socket could already be in the
TCP_ESTABLISHED state when the connecting task wakes up with a signal
pending. If this happens the socket will be in the connected table, and
it is not removed when the socket state is reset. In this situation it's
common for the process to retry connect(), and if the connection is
successful the socket will be added to the connected table a second
time, corrupting the list.

Prevent this by calling vsock_remove_connected() if a signal is received
while waiting for a connection. This is harmless if the socket is not in
the connected table, and if it is in the table then removing it will
prevent list corruption from a double add.

Note for backporting: this patch requires d5afa82c977e ("vsock: correct
removal of socket from the list"), which is in all current stable trees
except 4.9.y.

16/07/2024
16/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc

  • https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549

  • https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7

  • https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94

  • https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44

  • https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8

  • https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c

  • https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608

    • Enviar en el boletín
    Off

    Jose Alexis Correa Valencia

    Consultor de sistemas informáticos avanzados con más de 25 años de experiencia en el sector privado. Su carrera se ha enfocado en el análisis y diseño de sistemas, la instalación y configuración de hardware y software, así como en la administración de redes para diversas empresas. Además, ha tenido el privilegio de ser capacitador en temáticas avanzadas, especializándose en el manejo de datos en línea, la seguridad de transacciones y los multimedios.

    Ver todas las entradas