Updated: 2025-12-28 03:51:32.22649
Description:
In the Linux kernel, the following vulnerability has been resolved:

vsock: Fix transport_* TOCTOU

Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer.

This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert.

```
BUG: unable to handle page fault for address: fffffbfff8056000
Oops: Oops: 0000 [#1] SMP KASAN
RIP: 0010:vsock_assign_transport+0x366/0x600
Call Trace:
 vsock_connect+0x59c/0xc40
 __sys_connect+0xe8/0x100
 __x64_sys_connect+0x6e/0xc0
 do_syscall_64+0x92/0x1c0
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
```

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 4.7 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 4.7 | MEDIUM | Released | CLSA-2025:1757699471 | 2025-09-12 19:26:08 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 4.7 | MEDIUM | Released | CLSA-2025:1763731262 | 2025-11-21 22:00:13 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 4.7 | MEDIUM | Released | CLSA-2025:1763734783 | 2025-11-21 22:00:14 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 4.7 | MEDIUM | In Testing | CLSA-2025:1763722365 | 2025-12-08 18:27:33 | |
| TuxCare 9.6 ESU | kernel | 5.14.0 | 4.7 | MEDIUM | Needs Triage | | 2025-12-28 07:56:15 | |