Seth Forshee

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.9.y **Description** The issue is related to the vsock component of the Linux kernel, where a signal interrupting a connection can lead to the socket being added to the connected table multiple times, causing list corruption. This happens when the `vsock connect()` function expects the socket to be in the TCP ESTABLISHED state upon waking up with a pending signal. To prevent this, the `vsock remove connected()` function is called when a signal is received during a connection attempt. The vulnerability can be exploited to cause a denial of service. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the patch for the vsock component, which requires the patch `d5afa82c977e` ("vsock: correct removal of socket from the list") to be applied. This patch is included in all current stable trees except 4.9.y. As a temporary workaround, consider disabling the `vsock connect()` function until a patch is available.