CVE-2022-48786

{"id": "CVE-2022-48786", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-16T12:15:03.560", "references": [{"url": "https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: elimina vsock de la tabla conectada cuando la conexi\u00f3n es interrumpida por una se\u00f1al vsock_connect() espera que el socket ya est\u00e9 en el estado TCP_ESTABLISHED cuando la tarea de conexi\u00f3n se activa con una se\u00f1al pendiente. Si esto sucede, el socket estar\u00e1 en la tabla conectada y no se eliminar\u00e1 cuando se restablezca el estado del socket. En esta situaci\u00f3n, es com\u00fan que el proceso vuelva a intentar conectar() y, si la conexi\u00f3n es exitosa, el socket se agregar\u00e1 a la tabla conectada por segunda vez, corrompiendo la lista. Evite esto llamando a vsock_remove_connected() si se recibe una se\u00f1al mientras se espera una conexi\u00f3n. Esto es inofensivo si el socket no est\u00e1 en la tabla conectada, y si est\u00e1 en la tabla, eliminarlo evitar\u00e1 la corrupci\u00f3n de la lista debido a una doble adici\u00f3n. Nota para la compatibilidad: este parche requiere d5afa82c977e (\"vsock: eliminaci\u00f3n correcta del socket de la lista\"), que se encuentra en todos los \u00e1rboles estables actuales excepto 4.9.y."}], "lastModified": "2025-10-03T14:47:41.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3207BE2-BF9E-4D22-9A44-F32AC7AE535F", "versionEndExcluding": "4.9.303", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58023BD3-9FC0-4CC9-8E7D-6C88E37089DF", "versionEndExcluding": "4.14.268", "versionStartIncluding": "4.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC95C65F-81A3-45CE-9AEB-8890D21A3303", "versionEndExcluding": "4.19.231", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB33213E-1A45-4E3B-A129-58AAA2EB921D", "versionEndExcluding": "5.4.181", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAD66A9A-8D06-48D1-8AA8-FC060496FF53", "versionEndExcluding": "5.10.102", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D098AA16-8E21-4EB7-AE2F-1EEB58E1A3A3", "versionEndExcluding": "5.15.25", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D327234-5D4A-43DC-A6DF-BCA0CEBEC039", "versionEndExcluding": "5.16.11", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}