Linux Kernel Sockmap Vulnerability in VSOCK Handling

Vulnerability

A vulnerability has been identified in how the Linux kernel's sockmap feature handles VSOCK (virtual socket) connections. Connectible sockets that are not fully connected can lose their assigned transport, which leads to a null pointer dereference. The problem is exacerbated by the fact that listening VSOCKs should not have any transport assigned, yet a socket can retain a transport from a failed connection attempt, so a listening VSOCK can end up improperly managed by the sockmap.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash in the kernel.

Reproduction

The vulnerability can be reproduced by creating a connectible VSOCK socket that loses its transport assignment, and then allowing it to be managed by the sockmap while in a listening state. This sequence of events triggers the null pointer dereference in the kernel.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.