vsock: Do not allow binding to VMADDR_PORT_ANY
commit aba0c94f upstream. It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY. Fixes: d021c344 ("VSOCK: Introduce VM Sockets") Reported-by:Budimir Markovic <markovicbudimir@gmail.com> Signed-off-by:
Stefano Garzarella <sgarzare@redhat.com> Link: https://patch.msgid.link/20250807041811.678-1-markovicbudimir@gmail.com Signed-off-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Loading
-
mentioned in commit 189b48eb
-
mentioned in commit 94f94a2a
-
mentioned in commit 6aaee44d
-
mentioned in commit 53476b65
-
mentioned in commit 0da2761b
-
mentioned in commit 9513a1a6
-
mentioned in commit fa74ea17
-
mentioned in commit c76e8416
-
mentioned in commit a0cedc52
-
mentioned in commit 4fe50186
-
mentioned in commit e7499da5
-
mentioned in commit f4eb07fe
-
mentioned in commit 58c5ec9d
-
mentioned in commit 170a3a76
-
mentioned in commit 57bfaa51
-
mentioned in commit bf495f58
-
mentioned in commit 7b5f9895
-
mentioned in commit 3cb68f6d
-
mentioned in commit ae8e3828
-
mentioned in commit 912ecfa1
-
mentioned in commit d9c9cc17
-
mentioned in commit 145e7a65
-
mentioned in commit d4a74955
-
mentioned in commit dfe3830d
-
mentioned in commit b33a860d
-
mentioned in commit d0ed0deb
-
mentioned in commit 3515af78
-
mentioned in commit 1af18e1d
-
mentioned in commit 3c035bf3
-
mentioned in commit 2d2f6b40
-
mentioned in commit e46a8dff
-
mentioned in commit ade21e10
-
mentioned in commit d9687c69
-
mentioned in commit 87038201
-
mentioned in commit b788051b
-
mentioned in commit 9a1583a0
-
mentioned in commit 8467da20
-
mentioned in commit 4066d362
-
mentioned in commit 32ef9e55
-
mentioned in commit 2d3ce146
-
mentioned in commit 09f1c007
-
mentioned in commit a6ff9f9f
-
mentioned in commit 5fe19d2f
-
mentioned in commit 6b2ee251
-
mentioned in commit fc4cca04
-
mentioned in commit eb1f2b4f
-
mentioned in commit 1373f1ba
-
mentioned in commit ad10d6a4
-
mentioned in commit c594dc56
-
mentioned in commit 29fa2cd7
-
mentioned in commit ff67fc1d
-
mentioned in commit b9e7e376
-
mentioned in commit 7eb10d8d
-
mentioned in commit b1a9368b
-
mentioned in commit 1ccd273c
-
mentioned in commit 388a89b2
-
mentioned in commit e9705159
-
mentioned in commit d8150689
-
mentioned in commit 2b859d54
Please sign in to comment