Linux Kernel VSOCK Signal Handling Vulnerability in Established Connections

A vulnerability in the Linux kernel's VSOCK implementation can lead to several issues when a signal or timeout is handled during the connection process of an already established socket. This vulnerability affects the Linux kernel stable tree. The problem arises because disconnecting a socket that is already connected can interfere with ongoing operations, such as message sending, and disrupt the expected behavior of socket management features like SOCK_LINGER and sockmap. Additionally, the improper handling can create race conditions that may be exploited, leading to use-after-free or null pointer dereference errors.

Impact

The vulnerability can cause race conditions that disrupt normal socket operations, potentially leading to use-after-free or null pointer dereference errors. It also confuses the SOCK_LINGER handling and breaks the assumptions of the sockmap, causing warnings.

Reproduction

To reproduce this vulnerability, establish a VSOCK connection and then send a signal or timeout that triggers a disconnection. This will create a race condition between canceling the connection and sending messages, leading to an incorrect socket state and potential memory management issues.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been addressed.