CVE-2022-48786

MEDIUM EPSS 15.0%
Published Jul 16, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 16, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a signal pending. If this happens the socket will be in the connected table, and it is not removed when the socket state is reset. In this situation it's common for the process to retry connect(), and if the connection is successful the socket will be added to the connected table a second time, corrupting the list. Prevent this by calling vsock_remove_connected() if a signal is received while waiting for a connection. This is harmless if the socket is not in the connected table, and if it is in the table then removing it will prevent list corruption from a double add. Note for backporting: this patch requires d5afa82c977e ("vsock: correct removal of socket from the list"), which is in all current stable trees except 4.9.y.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥3.9  –  <4.9.303
linuxlinux_kernel*≥4.10  –  <4.14.268
linuxlinux_kernel*≥4.15  –  <4.19.231
linuxlinux_kernel*≥4.20  –  <5.4.181
linuxlinux_kernel*≥5.5  –  <5.10.102
linuxlinux_kernel*≥5.11  –  <5.15.25
linuxlinux_kernel*≥5.16  –  <5.16.11
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608
    Patch