AZL-71396

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71396.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-71396

Upstream

CVE-2025-40248

Published

2025-12-04T16:16:18Z

Modified

2026-04-01T05:20:44.282388Z

Summary

CVE-2025-40248 affecting package kernel for versions less than 6.6.119.3-1

Details

In the Linux kernel, the following vulnerability has been resolved:

vsock: Ignore signal/timeout on connect() if already established

During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues:

connect() invoking vsocktransportcancelpkt() -> virtiotransportpurgeskbs() may race with sendmsg() invoking virtiotransportgetcredit(). This results in a permanently elevated vvs->bytes_unsent. Which, in turn, confuses the SOCKLINGER handling.
connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs.
connect() transitioning SSCONNECTED -> SSUNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref.

Do not disconnect socket on signal/timeout. Keep the logic for unconnected sockets: they don't linger, can't be placed in a sockmap, are rejected by sendmsg().

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40248

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.119.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71396.json"