Linux Kernel Vulnerability Affecting Socket Transport Management
CVE-2025-21669

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 31 January 2025

Summary

In the Linux kernel, a flaw in the vsock/virtio component may result in unintended behavior when socket assignments change. Specifically, if a socket is either de-assigned or reassigned, any incoming packets could lead to a NULL pointer dereference if vsk->transport is not properly validated. This can happen when a first connection attempt is disrupted and a subsequent attempt fails, leaving vsk->transport set to NULL. The vulnerability could lead to application instability and security risks. Users running affected Linux kernel versions should apply the latest security updates to mitigate potential threats.

Affected Version(s)

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 18a7fc371d1dbf8deff16c2dd9292bcc73f43040

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 6486915fa661584d70e8e7e4068c6c075c67dd6d

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 88244163bc7e7b0ce9dd7bf4c8a563b41525c3ee

Timeline

  • Vulnerability published

  • Vulnerability Reserved
