CVE-2025-40248
Published: Dec 4, 2025
Modified: Jun 2, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling. 2. connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs. 3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref. Do not disconnect socket on signal/timeout. Keep the logic for unconnected sockets: they don't linger, can't be placed in a sockmap, are rejected by sendmsg(). [1]: https://lore.kernel.org/netdev/[email protected]/ [2]: https://lore.kernel.org/netdev/[email protected]/ [3]: https://lore.kernel.org/netdev/[email protected]/
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d021c344051af91f42c5ba9fdedc176740cbd238 - < 3f71753935d648082a8279a97d30efe6b85be680affected d021c344051af91f42c5ba9fdedc176740cbd238 - < da664101fb4a0de5cb70d2bae6a650df954df2afaffected d021c344051af91f42c5ba9fdedc176740cbd238 - < 67432915145848658149683101104e32f9fd6559affected d021c344051af91f42c5ba9fdedc176740cbd238 - < eeca93f06df89be5a36305b7b9dae1ed65550dfcaffected d021c344051af91f42c5ba9fdedc176740cbd238 - < 5998da5a8208ae9ad7838ba322bccb2bdcd95e81+3 more versions |
Linux | Linux | affected 3.9unaffected 0 - < 3.9unaffected 5.4.302 - <= 5.4.*unaffected 5.10.247 - <= 5.10.*unaffected 5.15.197 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now