{ "threat_severity" : "Moderate", "public_date" : "2024-07-16T00:00:00Z", "bugzilla" : { "description" : "kernel: vsock: remove vsock from connected table when connect is interrupted by a signal", "id" : "2298122", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2298122" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-371", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nvsock: remove vsock from connected table when connect is interrupted by a signal\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y.", "A vulnerability was found in the Linux kernel's vsock subsystem's vsock_stream_connect() function where improper handling of the socket state can lead to the connected table's list being corrupted. This occurs when a signal interrupt occurs and resets the socket's state without removing it from the connected table; the process then attempts the connect() function again, which if successful, can lead to the socket being added a second time to the connected table, corrupting the linked list structure used for managing connected sockets. This vulnerability can potentially lead to memory corruption and system instability." ], "statement" : "This issue is fixed in RHEL-9.1 and above\n~~~\nin (rhel-8.7, rhel-8.8, rhel-8.9, rhel-8.10) vsock: remove vsock from connected table when connect is interrupted by a signal\nin (rhel-9.1, rhel-9.2, rhel-9.3, rhel-9.4, rhel-9.5) vsock: remove vsock from connected table when connect is interrupted by a signal\n~~~\nPlease note that while RHEL-9 kernel-rt still appears as affected, it has been fixed in the same RHSA as RHEL-9 kernel. This is because from RHEL-9.3 onwards, the kernel and kernel-rt fixes are bundled together in a single errata.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7683", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-425.3.1.el8" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10273", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.131.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10273", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.131.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2024-11-26T00:00:00Z", "advisory" : "RHSA-2024:10273", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.131.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6991", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.117.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6990", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48786\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48786\nhttps://lore.kernel.org/linux-cve-announce/2024071637-CVE-2022-48786-7416@gregkh/T" ], "name" : "CVE-2022-48786", "csaw" : false }