Vsock Vulnerability in Linux Kernel Affects Socket Management
CVE-2025-40248
What is CVE-2025-40248?
A vulnerability in the Linux kernel's vsock implementation causes an already established socket to be mishandled during a connect operation. When a connect() call is interrupted by a signal or timeout after the socket has already been established, it starts disconnecting the socket, which can interfere with ongoing data transmission and leave the application with inconsistent socket state. The resulting race conditions may lead to an elevated count of unsent bytes, confusion in SOCK_LINGER handling, and problematic interactions with sockmaps, and can ultimately end in a use-after-free or null pointer dereference. Developers are advised to keep the disconnection logic only for unconnected sockets to prevent these issues.
Affected Version(s)
Linux d021c344051af91f42c5ba9fdedc176740cbd238 < 3f71753935d648082a8279a97d30efe6b85be680
Linux d021c344051af91f42c5ba9fdedc176740cbd238 < 5998da5a8208ae9ad7838ba322bccb2bdcd95e81
Linux d021c344051af91f42c5ba9fdedc176740cbd238
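One way to check a kernel git tree against the commit ranges listed above (an added example, not part of the CVE record or the kernel project). It assumes each "Linux A < B" line means commit A introduced the flaw and commit B fixes it on one branch; `has_commit` and `classify_ref` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the CVE record or the kernel project.
# Assumption: "Linux A < B" means commit A introduced the bug and commit B
# fixes it on one branch, so a tree is fixed if it contains ANY listed B.

INTRODUCED=d021c344051af91f42c5ba9fdedc176740cbd238
FIXES="3f71753935d648082a8279a97d30efe6b85be680 5998da5a8208ae9ad7838ba322bccb2bdcd95e81"

# has_commit REPO REV: true if REV names a commit object present in REPO.
has_commit() {
    git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null
}

# classify_ref REPO REF INTRODUCED "FIX1 FIX2 ..."
# Prints one of: fixed, affected, not-affected, unknown.
classify_ref() {
    repo=$1; ref=$2; intro=$3; fixes=$4
    has_commit "$repo" "$ref" || { echo unknown; return 0; }
    # A shallow clone has truncated history, so ancestry answers are unreliable.
    if [ "$(git -C "$repo" rev-parse --is-shallow-repository)" = true ]; then
        echo unknown; return 0
    fi
    for fix in $fixes; do
        # Fix hashes for other stable branches may be absent from this clone.
        has_commit "$repo" "$fix" || continue
        if git -C "$repo" merge-base --is-ancestor "$fix" "$ref"; then
            echo fixed; return 0
        fi
    done
    if has_commit "$repo" "$intro" &&
       git -C "$repo" merge-base --is-ancestor "$intro" "$ref"; then
        echo affected
    elif has_commit "$repo" "$intro"; then
        echo not-affected   # history predates the introducing commit
    else
        echo unknown        # introducing commit not in this clone
    fi
}

# Usage: sh check.sh /path/to/linux [ref]   (ref defaults to HEAD)
if [ -d "${1:-}" ]; then
    classify_ref "$1" "${2:-HEAD}" "$INTRODUCED" "$FIXES"
fi
```

A vendor kernel that backported the fix under a different commit hash is still reported as affected, so confirm against the distribution's changelog in that case.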