{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48786", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.890Z", "datePublished": "2024-07-16T11:43:43.677Z", "dateUpdated": "2024-11-04T12:16:31.754Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:16:31.754Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "d021c344051a", "lessThan": "0bb88f3f7e8d", "status": "affected", "versionType": "git"}, {"version": "d021c344051a", "lessThan": "e3b3939fd137", "status": "affected", "versionType": "git"}, {"version": "d021c344051a", "lessThan": "2910bcb9f675", "status": "affected", "versionType": "git"}, {"version": "d021c344051a", "lessThan": "5f326fe2aef4", "status": "affected", "versionType": "git"}, {"version": "d021c344051a", "lessThan": "87cd1bbd6677", "status": "affected", "versionType": "git"}, {"version": "d021c344051a", "lessThan": "787468ee7a43", "status": "affected", "versionType": "git"}, {"version": "d021c344051a", "lessThan": "addd62a8cb6f", "status": "affected", "versionType": "git"}, {"version": "d021c344051a", "lessThan": "b9208492fcae", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/vmw_vsock/af_vsock.c"], "versions": [{"version": "3.9", "status": "affected"}, {"version": "0", "lessThan": "3.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.303", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.268", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.231", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.181", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.102", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.25", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.11", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc"}, {"url": "https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608"}, {"url": "https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549"}, {"url": "https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7"}, {"url": "https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44"}, {"url": "https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94"}, {"url": "https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8"}, {"url": "https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c"}], "title": "vsock: remove vsock from connected table when connect is interrupted by a signal", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.588Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:59:52.125930Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:16.278Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.588Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:59:52.125930Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:21.700Z"}}], "cna": {"title": "vsock: remove vsock from connected table when connect is interrupted by a signal", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "d021c344051a", "lessThan": "0bb88f3f7e8d", "versionType": "git"}, {"status": "affected", "version": "d021c344051a", "lessThan": "e3b3939fd137", "versionType": "git"}, {"status": "affected", "version": "d021c344051a", "lessThan": "2910bcb9f675", "versionType": "git"}, {"status": "affected", "version": "d021c344051a", "lessThan": "5f326fe2aef4", "versionType": "git"}, {"status": "affected", "version": "d021c344051a", "lessThan": "87cd1bbd6677", "versionType": "git"}, {"status": "affected", "version": "d021c344051a", "lessThan": "787468ee7a43", "versionType": "git"}, {"status": "affected", "version": "d021c344051a", "lessThan": "addd62a8cb6f", "versionType": "git"}, {"status": "affected", "version": "d021c344051a", "lessThan": "b9208492fcae", "versionType": "git"}], "programFiles": ["net/vmw_vsock/af_vsock.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.9"}, {"status": "unaffected", "version": "0", "lessThan": "3.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.303", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.268", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.231", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.181", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.102", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.25", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.11", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/vmw_vsock/af_vsock.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc"}, {"url": "https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608"}, {"url": "https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549"}, {"url": "https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7"}, {"url": "https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44"}, {"url": "https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94"}, {"url": "https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8"}, {"url": "https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:16:31.754Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48786", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:16:31.754Z", "dateReserved": "2024-07-16T11:38:08.890Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T11:43:43.677Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: remove vsock from connected table when connect is interrupted by a signal\n\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\n\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\n\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock: elimina vsock de la tabla conectada cuando la conexi\u00f3n es interrumpida por una se\u00f1al vsock_connect() espera que el socket ya est\u00e9 en el estado TCP_ESTABLISHED cuando la tarea de conexi\u00f3n se activa con una se\u00f1al pendiente. Si esto sucede, el socket estar\u00e1 en la tabla conectada y no se eliminar\u00e1 cuando se restablezca el estado del socket. En esta situaci\u00f3n, es com\u00fan que el proceso vuelva a intentar conectar() y, si la conexi\u00f3n es exitosa, el socket se agregar\u00e1 a la tabla conectada por segunda vez, corrompiendo la lista. Evite esto llamando a vsock_remove_connected() si se recibe una se\u00f1al mientras se espera una conexi\u00f3n. Esto es inofensivo si el socket no est\u00e1 en la tabla conectada, y si est\u00e1 en la tabla, eliminarlo evitar\u00e1 la corrupci\u00f3n de la lista debido a una doble adici\u00f3n. Nota para la compatibilidad: este parche requiere d5afa82c977e (\"vsock: eliminaci\u00f3n correcta del socket de la lista\"), que se encuentra en todos los \u00e1rboles estables actuales excepto 4.9.y."}], "id": "CVE-2022-48786", "lastModified": "2024-07-16T13:43:58.773", "metrics": {}, "published": "2024-07-16T12:15:03.560", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2024:6991", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.117.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6990", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: vsock: remove vsock from connected table when connect is interrupted by a signal", "id": "2298122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298122"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "verified"}, "cwe": "CWE-371", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvsock: remove vsock from connected table when connect is interrupted by a signal\nvsock_connect() expects that the socket could already be in the\nTCP_ESTABLISHED state when the connecting task wakes up with a signal\npending. If this happens the socket will be in the connected table, and\nit is not removed when the socket state is reset. In this situation it's\ncommon for the process to retry connect(), and if the connection is\nsuccessful the socket will be added to the connected table a second\ntime, corrupting the list.\nPrevent this by calling vsock_remove_connected() if a signal is received\nwhile waiting for a connection. This is harmless if the socket is not in\nthe connected table, and if it is in the table then removing it will\nprevent list corruption from a double add.\nNote for backporting: this patch requires d5afa82c977e (\"vsock: correct\nremoval of socket from the list\"), which is in all current stable trees\nexcept 4.9.y."], "name": "CVE-2022-48786", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48786\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48786\nhttps://lore.kernel.org/linux-cve-announce/2024071637-CVE-2022-48786-7416@gregkh/T"], "statement": "This issue is fixed in RHEL-9.1 and above\n~~~\nin (rhel-8.7, rhel-8.8, rhel-8.9, rhel-8.10) vsock: remove vsock from connected table when connect is interrupted by a signal\nin (rhel-9.1, rhel-9.2, rhel-9.3, rhel-9.4, rhel-9.5) vsock: remove vsock from connected table when connect is interrupted by a signal\n~~~\nPlease note that while RHEL-9 kernel-rt still appears as affected, it has been fixed in the same RHSA as RHEL-9 kernel. This is because from RHEL-9.3 onwards, the kernel and kernel-rt fixes are bundled together in a single errata.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.9.303, kernel 4.14.268, kernel 4.19.231, kernel 5.4.181, kernel 5.10.102, kernel 5.15.25, kernel 5.16.11, kernel 5.17"}