| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024082136-CVE-2024-43873-c547@gregkh>
Date: Wed, 21 Aug 2024 08:07:37 +0800
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-43873: vhost/vsock: always initialize seqpacket_allow
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
There are two issues around seqpacket_allow:
1. seqpacket_allow is not initialized when socket is
created. Thus if features are never set, it will be
read uninitialized.
2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,
then seqpacket_allow will not be cleared appropriately
(existing apps I know about don't usually do this but
it's legal and there's no way to be sure no one relies
on this).
To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
The Linux kernel CVE team has assigned CVE-2024-43873 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.14 with commit ced7b713711f and fixed in 5.15.165 with commit ea558f10fb05
Issue introduced in 5.14 with commit ced7b713711f and fixed in 6.1.103 with commit 3062cb100787
Issue introduced in 5.14 with commit ced7b713711f and fixed in 6.6.44 with commit 30bd45936694
Issue introduced in 5.14 with commit ced7b713711f and fixed in 6.10.3 with commit eab96e8716cb
Issue introduced in 5.14 with commit ced7b713711f and fixed in 6.11-rc1 with commit 1e1fdcbdde3b
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-43873
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/vhost/vsock.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c
https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb
https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582
https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b
https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22
Powered by blists - more mailing lists