We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-44996

vsock: fix recursive ->recvmsg calls



AssignerLinux
Reserved2024-08-21
Published2024-09-04
Updated2024-09-04

Description

In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen: vsock_bpf_recvmsg() -> __vsock_recvmsg() -> vsock_connectible_recvmsg() -> prot->recvmsg() -> vsock_bpf_recvmsg() again We need to fix it by calling the original ->recvmsg() without any BPF sockmap logic in __vsock_recvmsg().

Product status

Default status
0x4001501bd0

634f1a7110b4 before 921f1acf0c3c
affected

634f1a7110b4 before b4ee8cf1acc5
affected

634f1a7110b4 before 69139d2919dd
affected

Default status
0x4001501c80

6.4
affected

Any version before 6.4
unaffected

6.6.48
unaffected

6.10.7
unaffected

6.11-rc4
unaffected

References

https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5

https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135

https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc

cve.org CVE-2024-44996

nvd.nist.gov CVE-2024-44996

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-44996
Subscribe to our newsletter to learn more about our work.