Description

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features

INFO

Published Date :

2024-08-21T00:06:25.114Z

Last Modified :

2025-11-03T22:06:23.270Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43873 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43873.

URL Resource
https://git.kernel.org/stable/c/1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 cve-icon cve-icon
https://git.kernel.org/stable/c/3062cb100787a9ddf45de30004b962035cd497fb cve-icon cve-icon
https://git.kernel.org/stable/c/30bd4593669443ac58515e23557dc8cef70d8582 cve-icon cve-icon
https://git.kernel.org/stable/c/ea558f10fb05a6503c6e655a1b7d81fdf8e5924c cve-icon cve-icon
https://git.kernel.org/stable/c/eab96e8716cbfc2834b54f71cc9501ad4eec963b cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43873-c547@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-43873 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-43873 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact