CVE-2024-43873

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22	Patch
https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb	Patch
https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582	Patch
https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c	Patch
https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-08-21 01:15

Updated : 2024-09-03 13:35

NVD link : CVE-2024-43873

Mitre link : CVE-2024-43873

CVE.ORG link : CVE-2024-43873

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-909

Missing Initialization of Resource

{"id": "CVE-2024-43873", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-08-21T01:15:11.790", "references": [{"url": "https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-909"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost/vsock: always initialize seqpacket_allow\n\nThere are two issues around seqpacket_allow:\n1. seqpacket_allow is not initialized when socket is\n created. Thus if features are never set, it will be\n read uninitialized.\n2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,\n then seqpacket_allow will not be cleared appropriately\n (existing apps I know about don't usually do this but\n it's legal and there's no way to be sure no one relies\n on this).\n\nTo fix:\n\t- initialize seqpacket_allow after allocation\n\t- set it unconditionally in set_features"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vhost/vsock: inicializar siempre seqpacket_allow Hay dos problemas relacionados con seqpacket_allow: 1. seqpacket_allow no se inicializa cuando se crea el socket. Por lo tanto, si las funciones nunca se configuran, se leer\u00e1 sin inicializar. 2. Si VIRTIO_VSOCK_F_SEQPACKET est\u00e1 configurado y luego borrado, entonces seqpacket_allow no se borrar\u00e1 apropiadamente (las aplicaciones existentes que conozco generalmente no hacen esto, pero es legal y no hay forma de estar seguro de que nadie conf\u00ede en esto). Para solucionarlo: - inicializar seqpacket_allow despu\u00e9s de la asignaci\u00f3n - configurarlo incondicionalmente en set_features"}], "lastModified": "2024-09-03T13:35:44.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F20D8A8D-1A11-440E-A3A7-0C70F9D98782", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A", "versionEndExcluding": "6.1.103", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}