CVE-2024-43873
Published: Aug 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: always initialize seqpacket_allow

There are two issues around seqpacket_allow:

1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized.
2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this).

To fix:

- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
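The two issues and the two fixes, as an added user-space C model (not the kernel's code and not part of the CVE record). The struct, the function names, the 0xA5-poisoned allocator that stands in for an uninitialized read, and the bit position used for VIRTIO_VSOCK_F_SEQPACKET are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define F_SEQPACKET (1ULL << 1) /* assumed bit position of VIRTIO_VSOCK_F_SEQPACKET */

struct vsock_model {        /* hypothetical stand-in, not the kernel's structure */
    uint64_t features;
    int seqpacket_allow;
};

/* Allocation returns non-zeroed memory; 0xA5 poison is constructed stale heap data. */
static struct vsock_model *model_open(int fixed)
{
    struct vsock_model *v = malloc(sizeof(*v));
    if (!v)
        return NULL;
    memset(v, 0xA5, sizeof(*v));
    v->features = 0;
    if (fixed)
        v->seqpacket_allow = 0;     /* fix 1: initialize after allocation */
    return v;
}

static void model_set_features(struct vsock_model *v, uint64_t features, int fixed)
{
    v->features = features;
    if (fixed)
        v->seqpacket_allow = (features & F_SEQPACKET) != 0; /* fix 2: unconditional */
    else if (features & F_SEQPACKET)
        v->seqpacket_allow = 1;     /* buggy: set on negotiation, never cleared */
}

/* Flag seen after open, optionally followed by setting and then clearing the feature. */
/* Buggy model: 1 in both cases. Fixed model: 0 in both cases. */
int flag_after(int fixed, int set_then_clear)
{
    struct vsock_model *v = model_open(fixed);
    if (!v)
        return -1;
    if (set_then_clear) {
        model_set_features(v, F_SEQPACKET, fixed);
        model_set_features(v, 0, fixed);
    }
    int allow = v->seqpacket_allow != 0;
    free(v);
    return allow;
}
```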
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected ced7b713711fdd8f99d8d04dc53451441d194c60 - < ea558f10fb05a6503c6e655a1b7d81fdf8e5924c; affected ced7b713711fdd8f99d8d04dc53451441d194c60 - < 3062cb100787a9ddf45de30004b962035cd497fb; affected ced7b713711fdd8f99d8d04dc53451441d194c60 - < 30bd4593669443ac58515e23557dc8cef70d8582; affected ced7b713711fdd8f99d8d04dc53451441d194c60 - < eab96e8716cbfc2834b54f71cc9501ad4eec963b; affected ced7b713711fdd8f99d8d04dc53451441d194c60 - < 1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 |
| Linux | Linux | affected 5.14; unaffected 0 - < 5.14; unaffected 5.15.165 - <= 5.15.*; unaffected 6.1.103 - <= 6.1.*; unaffected 6.6.44 - <= 6.6.*; +2 more versions |