-

CVE-2025-40248

In the Linux kernel, the following vulnerability has been resolved:

vsock: Ignore signal/timeout on connect() if already established

During connect(), acting on a signal/timeout by disconnecting an already
established socket leads to several issues:

1. connect() invoking vsock_transport_cancel_pkt() ->
   virtio_transport_purge_skbs() may race with sendmsg() invoking
   virtio_transport_get_credit(). This results in a permanently elevated
   `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.

2. connect() resetting a connected socket's state may race with socket
   being placed in a sockmap. A disconnected socket remaining in a sockmap
   breaks sockmap's assumptions. And gives rise to WARNs.

3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a
   transport change/drop after TCP_ESTABLISHED. Which poses a problem for
   any simultaneous sendmsg() or connect() and may result in a
   use-after-free/null-ptr-deref.

Do not disconnect socket on signal/timeout. Keep the logic for unconnected
sockets: they don't linger, can't be placed in a sockmap, are rejected by
sendmsg().

[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/
[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/
[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 3f71753935d648082a8279a97d30efe6b85be680
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
Version < da664101fb4a0de5cb70d2bae6a650df954df2af
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
Version < 67432915145848658149683101104e32f9fd6559
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
Version < eeca93f06df89be5a36305b7b9dae1ed65550dfc
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
Version < 5998da5a8208ae9ad7838ba322bccb2bdcd95e81
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
Version < f1c170cae285e4b8f61be043bb17addc3d0a14b5
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
Version < ab6b19f690d89ae4709fba73a3c4a7911f495b7a
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
Version < 002541ef650b742a198e4be363881439bb9d86b4
Version d021c344051af91f42c5ba9fdedc176740cbd238
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 3.9
Status affected
Version < 3.9
Version 0
Status unaffected
Version <= 5.4.*
Version 5.4.302
Status unaffected
Version <= 5.10.*
Version 5.10.247
Status unaffected
Version <= 5.15.*
Version 5.15.197
Status unaffected
Version <= 6.1.*
Version 6.1.159
Status unaffected
Version <= 6.6.*
Version 6.6.118
Status unaffected
Version <= 6.12.*
Version 6.12.60
Status unaffected
Version <= 6.17.*
Version 6.17.10
Status unaffected
Version <= *
Version 6.18
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.087
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String