CVE-2022-48786
Linux Kernel Vsock Uninitialized Connection Table Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a signal pending. If this happens the socket will be in the connected table, and it is not removed when the socket state is reset. In this situation it's common for the process to retry connect(), and if the connection is successful the socket will be added to the connected table a second time, corrupting the list. Prevent this by calling vsock_remove_connected() if a signal is received while waiting for a connection. This is harmless if the socket is not in the connected table, and if it is in the table then removing it will prevent list corruption from a double add. Note for backporting: this patch requires d5afa82c977e ("vsock: correct removal of socket from the list"), which is in all current stable trees except 4.9.y.
INFO
Published Date :
July 16, 2024, 12:15 p.m.
Last Modified :
Nov. 21, 2024, 7:34 a.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-48786.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-48786 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-48786 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc Added Reference https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549 Added Reference https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7 Added Reference https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94 Added Reference https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44 Added Reference https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8 Added Reference https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c Added Reference https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608 -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jul. 16, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a signal pending. If this happens the socket will be in the connected table, and it is not removed when the socket state is reset. In this situation it's common for the process to retry connect(), and if the connection is successful the socket will be added to the connected table a second time, corrupting the list. Prevent this by calling vsock_remove_connected() if a signal is received while waiting for a connection. This is harmless if the socket is not in the connected table, and if it is in the table then removing it will prevent list corruption from a double add. Note for backporting: this patch requires d5afa82c977e ("vsock: correct removal of socket from the list"), which is in all current stable trees except 4.9.y. Added Reference kernel.org https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-48786 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-48786
weaknesses.