In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: discard packets if the transport changes
If the socket has been de-assigned or assigned to another transport,
we must discard any packets received because they are not expected
and would cause issues when we access vsk->transport.
A possible scenario is described by Hyunwoo Kim in the attached link,
where after a first connect() interrupted by a signal, and a second
connect() failed, we can find vsk->transport at NULL, leading to a
NULL pointer dereference.
| Score | Percentile |
|---|---|
| 0.03% | 9.09% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-7hhm-hgmx-pp76 ↗ |
| CVE | CVE-2025-21669 ↗ |
| CWE id | Name |
|---|---|
| CWE-476 | NULL Pointer Dereference |