216.73.217.64

CVE-2024-44996

· Published 04/09/2024 20:15 · Modified 16/09/2024 12:21

Labels: CVE-2024-44996 2024-09-04416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-44996CWE-674

Essential information

Published
04/09/2024 20:15
Modified
16/09/2024 12:21
Author
Creator
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen: vsock_bpf_recvmsg() -> __vsock_recvmsg() -> vsock_connectible_recvmsg() -> prot->recvmsg() -> vsock_bpf_recvmsg() again We need to fix it by calling the original ->recvmsg() without any BPF sockmap logic in __vsock_recvmsg().

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*

References