CVE-2024-43873

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-43873
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43873.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-43873
Downstream
Related
Published
2024-08-21T00:06:25.114Z
Modified
2026-03-11T07:49:05.282728Z
Summary
vhost/vsock: always initialize seqpacket_allow
Details

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: always initialize seqpacket_allow

There are two issues around seqpacketallow: 1. seqpacketallow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIOVSOCKFSEQPACKET is set and then cleared, then seqpacketallow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this).

To fix: - initialize seqpacketallow after allocation - set it unconditionally in setfeatures

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43873.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ced7b713711fdd8f99d8d04dc53451441d194c60
Fixed
ea558f10fb05a6503c6e655a1b7d81fdf8e5924c
Fixed
3062cb100787a9ddf45de30004b962035cd497fb
Fixed
30bd4593669443ac58515e23557dc8cef70d8582
Fixed
eab96e8716cbfc2834b54f71cc9501ad4eec963b
Fixed
1e1fdcbdde3b7663e5d8faeb2245b9b151417d22

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43873.json"