In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow
There are two issues around seqpacket_allow:
1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized.
2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this).
To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
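The two issues and their fixes can be reproduced in a small user-space model. This is an added example, not the kernel's code or the patch itself: `model_vsock`, `MODEL_F_SEQPACKET`, its bit position and the helper names are assumptions, and the `0x01` fill stands in for uninitialized memory so the result is deterministic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* User-space model; names and the bit position are assumptions. */
#define MODEL_F_SEQPACKET (1ULL << 1)

struct model_vsock {
    bool seqpacket_allow;
};

/* 0x01 fill stands in for stale bytes: an unwritten flag reads as true. */
static void model_init(struct model_vsock *v, bool init_flag)
{
    memset(v, 0x01, sizeof(*v));
    if (init_flag)
        v->seqpacket_allow = false; /* fix 1: initialize after allocation */
}

/* Before: the flag is raised when the bit is set, never lowered. */
static void set_features_before(struct model_vsock *v, uint64_t f)
{
    if (f & MODEL_F_SEQPACKET)
        v->seqpacket_allow = true;
}

/* After (fix 2): the flag always mirrors the negotiated bit. */
static void set_features_after(struct model_vsock *v, uint64_t f)
{
    v->seqpacket_allow = (f & MODEL_F_SEQPACKET) != 0;
}

/* Flag value when set_features is never called. */
static bool flag_if_never_set(bool fixed)
{
    struct model_vsock v;
    model_init(&v, fixed);
    return v.seqpacket_allow;
}

/* Flag value after the feature is set and then cleared. */
static bool flag_after_set_then_clear(bool fixed)
{
    struct model_vsock v;
    model_init(&v, true);
    (fixed ? set_features_after : set_features_before)(&v, MODEL_F_SEQPACKET);
    (fixed ? set_features_after : set_features_before)(&v, 0);
    return v.seqpacket_allow;
}
```

With `fixed` false, both helpers return true: the flag is stale in one case and stuck in the other. With `fixed` true, both return false.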