Socket Binding Vulnerability in Linux Kernel
CVE-2025-21756

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

A vulnerability in the Linux kernel allows for improper socket binding, leading to potential use-after-free scenarios. Specifically, the issue arises in the vsock module where socket bindings may not be preserved correctly during transport reassignment. This flaw can cause unintended memory access, potentially leading to crashes or arbitrary code execution. Proper handling and checking of socket states before removal from bound lists are essential to mitigate the risk associated with this vulnerability.

Affected Version(s)

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 3f43540166128951cc1be7ab1ce6b7f05c670d8b

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a < 645ce25aa0e67895b11d89f27bb86c9d444c40f8

Linux c0cfa2d8a788fcf45df5bf4070ab2474c88d543a

Timeline

  • Vulnerability published

  • Vulnerability Reserved
