Linux Kernel TOCTOU Vulnerability in Socket Readability Check

Vulnerability

A time-of-check to time-of-use (TOCTOU) race has been identified in the Linux kernel's socket readability check, 'sk_is_readable()'. While a socket resides in a sockmap, 'sk->sk_prot' points to a BPF-aware protocol ops table whose 'sock_is_readable' callback is a valid function pointer. After the last 'sk_psock_put()' (typically when the socket is removed from the sockmap), 'sk->sk_prot' is restored to the original protocol ops, whose 'sock_is_readable' is NULL. 'sk_is_readable()' read 'sk->sk_prot' twice: once to test whether the callback is non-NULL, and again to call it. If 'sk->sk_prot' is swapped by another CPU between those two loads, the check passes against the old table and the call is made through the new one, dereferencing a NULL function pointer. The fix loads 'sk->sk_prot' once into a local and performs both the check and the call through that single snapshot, so the pointer tested is the pointer used.
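The race above, reduced to a user-space model (an added example, not kernel code or the upstream patch): 'struct proto' and 'struct sock' are cut down to the two fields involved, the volatile 'sk_prot' pointer forces a fresh load on every access, and a hook called between the check and the use stands in for the other CPU running 'sk_psock_put()'. The racy variant reloads 'sk->sk_prot' for the call and reports where the kernel would jump to address 0; the fixed variant mirrors the upstream shape (one 'READ_ONCE()'-style snapshot, then check and call through it). 'run_scenario()', 'restore_proto()' and the outcome enum are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct sock;

/* Constructed model of the two kernel fields the bug involves. */
struct proto {
    bool (*sock_is_readable)(struct sock *sk);
};

struct sock {
    /* volatile: every access is a real load, modelling the reload of sk->sk_prot */
    const struct proto *volatile sk_prot;
    bool has_data;
};

/* What the sockmap-aware proto's callback conceptually answers. */
static bool psock_sock_is_readable(struct sock *sk) { return sk->has_data; }

static const struct proto tcp_prot     = { .sock_is_readable = NULL };                  /* original proto */
static const struct proto tcp_bpf_prot = { .sock_is_readable = psock_sock_is_readable }; /* proto while in sockmap */

/* Hook run between check and use; stands in for the concurrent writer. */
typedef void (*race_hook_t)(struct sock *sk);
static void restore_proto(struct sock *sk) { sk->sk_prot = &tcp_prot; } /* effect of last sk_psock_put() */
static void no_race(struct sock *sk) { (void)sk; }

enum outcome { NOT_READABLE = 0, READABLE = 1, NULL_DEREF = 2 };

/* Vulnerable shape: sk->sk_prot is loaded once for the check and again for the call. */
static enum outcome sk_is_readable_racy(struct sock *sk, race_hook_t between)
{
    if (sk->sk_prot->sock_is_readable) {         /* first load: sees tcp_bpf_prot */
        between(sk);                             /* writer swaps sk_prot here */
        bool (*fn)(struct sock *) = sk->sk_prot->sock_is_readable; /* second load */
        if (fn == NULL)
            return NULL_DEREF;                   /* kernel would call a NULL pointer */
        return fn(sk) ? READABLE : NOT_READABLE;
    }
    return NOT_READABLE;
}

/* Fixed shape: a single snapshot of sk_prot is used for both the check and the call. */
static enum outcome sk_is_readable_fixed(struct sock *sk, race_hook_t between)
{
    const struct proto *prot = sk->sk_prot;      /* one load (READ_ONCE() upstream) */
    if (prot->sock_is_readable) {
        between(sk);                             /* swap no longer affects 'prot' */
        return prot->sock_is_readable(sk) ? READABLE : NOT_READABLE;
    }
    return NOT_READABLE;
}

/* Build a socket that is in a sockmap and run one variant, with or without the race. */
static enum outcome run_scenario(bool fixed, bool race)
{
    struct sock sk = { .sk_prot = &tcp_bpf_prot, .has_data = true };
    race_hook_t hook = race ? restore_proto : no_race;
    return fixed ? sk_is_readable_fixed(&sk, hook) : sk_is_readable_racy(&sk, hook);
}

int main(void)
{
    static const char *names[] = { "not readable", "readable", "NULL deref" };
    printf("racy, no race : %s\n", names[run_scenario(false, false)]);
    printf("racy, raced   : %s\n", names[run_scenario(false, true)]);
    printf("fixed, no race: %s\n", names[run_scenario(true, false)]);
    printf("fixed, raced  : %s\n", names[run_scenario(true, true)]);
    return 0;
}
```

The model only shows the pointer hazard the patch addresses; it does not model lifetime of the psock itself, which the kernel handles separately.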

Impact

Winning the race makes the kernel call through a NULL function pointer, which results in a kernel oops and therefore a denial of service for the affected host. Triggering it requires a socket to be removed from a sockmap concurrently with a readability check on that socket, so an attacker needs the ability to drive sockmap membership (BPF) alongside ordinary socket polling.

Added: Jul 3, 2025, 11:15 AM
Updated: Jul 3, 2025, 11:15 AM

Vulnerability Rating (Custom Algorithm)

spread          9.0
impact          2.5
exploitability  5.0
remediation     0.0
relevance       0.2
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.