CVE-2025-40248

NONE EPSS 9.4%
Published Dec 4, 2025 (6mo ago) · Last Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

vsock: Ignore signal/timeout on connect() if already established

During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues:

1. connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.

2. connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs.

3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref.

Do not disconnect socket on signal/timeout. Keep the logic for unconnected sockets: they don't linger, can't be placed in a sockmap, are rejected by sendmsg().

[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/
[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/
[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/

Threat Intelligence

EPSS Exploit Probability
9.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 9

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-253495.html
  • git.kernel.org https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4
  • git.kernel.org https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680
  • git.kernel.org https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81
  • git.kernel.org https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559
  • git.kernel.org https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a
  • git.kernel.org https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af
  • git.kernel.org https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc
  • git.kernel.org https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.