Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
There are two issues around seqpacket_allow:
- seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized.
- if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don’t usually do this but it’s legal and there’s no way to be sure no one relies on this).
To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
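The two issues and the two fixes listed above, as an added userspace model (not the kernel's vhost/vsock source and not part of the original advisory). The struct, the helper names, the 0xAA poison and the bit position are assumptions made for the illustration.

```c
/* Userspace model of the seqpacket_allow bug and fix; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEQPACKET_BIT 1 /* assumed bit position of VIRTIO_VSOCK_F_SEQPACKET */

struct vsock_model {
    uint64_t features;
    int seqpacket_allow; /* int, so the poisoned value can be read safely here */
};

/* Stand-in for an allocator that hands back recycled, non-zeroed memory. */
static struct vsock_model *alloc_dirty(void)
{
    struct vsock_model *v = malloc(sizeof(*v));
    if (v)
        memset(v, 0xAA, sizeof(*v)); /* constructed stale contents */
    return v;
}

/* Before: the flag is not initialized at open and is only ever raised. */
static struct vsock_model *open_before(void) { return alloc_dirty(); }
static void set_features_before(struct vsock_model *v, uint64_t f)
{
    v->features = f;
    if (f & (1ULL << SEQPACKET_BIT))
        v->seqpacket_allow = 1;
}

/* After: initialize after allocation, assign unconditionally in set_features. */
static struct vsock_model *open_after(void)
{
    struct vsock_model *v = alloc_dirty();
    if (v)
        v->seqpacket_allow = 0;
    return v;
}
static void set_features_after(struct vsock_model *v, uint64_t f)
{
    v->features = f;
    v->seqpacket_allow = !!(f & (1ULL << SEQPACKET_BIT));
}

int main(void)
{
    struct vsock_model *b = open_before(), *a = open_after();
    if (!a || !b)
        return 1;
    printf("features never set: before=%d after=%d\n", !!b->seqpacket_allow, a->seqpacket_allow);
    set_features_before(b, 1ULL << SEQPACKET_BIT); set_features_before(b, 0);
    set_features_after(a, 1ULL << SEQPACKET_BIT);  set_features_after(a, 0);
    printf("set then cleared:   before=%d after=%d\n", b->seqpacket_allow, a->seqpacket_allow);
    free(a); free(b);
    return 0;
}
```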
Details
- Affected product: AlmaLinux 9.2 ESU
- Affected packages: kernel @ 5.14.0