In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
There are two issues around seqpacket_allow:
1. seqpacket_allow is not initialized when the socket is created. Thus, if features are never set, it will be read uninitialized.
2. If VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this, but it's legal and there's no way to be sure no one relies on this).
To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/vhost/vsock.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "93654542722874122775379913194773839905", "206092347635005331580026363461539511647", "235315363869388241405593510398071090812", "228858146524411808423672423620873427704", "281406431232613587547736854940228262551", "326034235038460156589986739829041775413", "236488633308381210066127711398624921622", "63047528048168482201881551481995232799", "113326755304440699711757408987367321436" ], "threshold": 0.9 }, "id": "CVE-2024-43873-07c06eb4", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eab96e8716cbfc2834b54f71cc9501ad4eec963b" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_set_features" }, "signature_version": "v1", "digest": { "length": 770.0, "function_hash": "85427082366735767497034173608464206007" }, "id": "CVE-2024-43873-3fe2c1b7", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ea558f10fb05a6503c6e655a1b7d81fdf8e5924c" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/vhost/vsock.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "93654542722874122775379913194773839905", "206092347635005331580026363461539511647", "235315363869388241405593510398071090812", "228858146524411808423672423620873427704", "336851557090572847280612188565480587604", "326034235038460156589986739829041775413", "236488633308381210066127711398624921622", "63047528048168482201881551481995232799", "113326755304440699711757408987367321436" ], "threshold": 0.9 }, "id": "CVE-2024-43873-51b5e987", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ea558f10fb05a6503c6e655a1b7d81fdf8e5924c" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/vhost/vsock.c" }, "signature_version": "v1", "digest": { 
"line_hashes": [ "93654542722874122775379913194773839905", "206092347635005331580026363461539511647", "235315363869388241405593510398071090812", "228858146524411808423672423620873427704", "281406431232613587547736854940228262551", "326034235038460156589986739829041775413", "236488633308381210066127711398624921622", "63047528048168482201881551481995232799", "113326755304440699711757408987367321436" ], "threshold": 0.9 }, "id": "CVE-2024-43873-530e0d8c", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30bd4593669443ac58515e23557dc8cef70d8582" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_set_features" }, "signature_version": "v1", "digest": { "length": 763.0, "function_hash": "204619040855560705206573565684442078041" }, "id": "CVE-2024-43873-6662a42e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30bd4593669443ac58515e23557dc8cef70d8582" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_dev_open" }, "signature_version": "v1", "digest": { "length": 1006.0, "function_hash": "212941617916931770754653330216649319655" }, "id": "CVE-2024-43873-6ea012f4", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ea558f10fb05a6503c6e655a1b7d81fdf8e5924c" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_dev_open" }, "signature_version": "v1", "digest": { "length": 964.0, "function_hash": "65055767869042237330209208039234885997" }, "id": "CVE-2024-43873-80d31f8b", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3062cb100787a9ddf45de30004b962035cd497fb" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_set_features" }, "signature_version": "v1", "digest": { "length": 
763.0, "function_hash": "204619040855560705206573565684442078041" }, "id": "CVE-2024-43873-816d441c", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eab96e8716cbfc2834b54f71cc9501ad4eec963b" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_dev_open" }, "signature_version": "v1", "digest": { "length": 964.0, "function_hash": "65055767869042237330209208039234885997" }, "id": "CVE-2024-43873-85f3477e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eab96e8716cbfc2834b54f71cc9501ad4eec963b" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_set_features" }, "signature_version": "v1", "digest": { "length": 770.0, "function_hash": "85427082366735767497034173608464206007" }, "id": "CVE-2024-43873-a4b5c4d5", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3062cb100787a9ddf45de30004b962035cd497fb" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/vhost/vsock.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "93654542722874122775379913194773839905", "206092347635005331580026363461539511647", "235315363869388241405593510398071090812", "228858146524411808423672423620873427704", "281406431232613587547736854940228262551", "326034235038460156589986739829041775413", "236488633308381210066127711398624921622", "63047528048168482201881551481995232799", "113326755304440699711757408987367321436" ], "threshold": 0.9 }, "id": "CVE-2024-43873-a5ac872e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e1fdcbdde3b7663e5d8faeb2245b9b151417d22" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_set_features" }, "signature_version": "v1", "digest": { "length": 763.0, "function_hash": 
"204619040855560705206573565684442078041" }, "id": "CVE-2024-43873-aefe5c5e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e1fdcbdde3b7663e5d8faeb2245b9b151417d22" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_dev_open" }, "signature_version": "v1", "digest": { "length": 964.0, "function_hash": "65055767869042237330209208039234885997" }, "id": "CVE-2024-43873-b97b6d93", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1e1fdcbdde3b7663e5d8faeb2245b9b151417d22" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/vhost/vsock.c", "function": "vhost_vsock_dev_open" }, "signature_version": "v1", "digest": { "length": 964.0, "function_hash": "65055767869042237330209208039234885997" }, "id": "CVE-2024-43873-caeaec7f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30bd4593669443ac58515e23557dc8cef70d8582" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/vhost/vsock.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "93654542722874122775379913194773839905", "206092347635005331580026363461539511647", "235315363869388241405593510398071090812", "228858146524411808423672423620873427704", "336851557090572847280612188565480587604", "326034235038460156589986739829041775413", "236488633308381210066127711398624921622", "63047528048168482201881551481995232799", "113326755304440699711757408987367321436" ], "threshold": 0.9 }, "id": "CVE-2024-43873-f2a641ce", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3062cb100787a9ddf45de30004b962035cd497fb" } ] }