CVE-2023-52842

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0-rc3

Description The issue is related to the virtio/vsock component of the Linux kernel. It occurs because the buf alloc and fwd cnt fields of the struct virtio vsock hdr are not initialized when a new skb is allocated in virtio transport init hdr(). This can lead to an uninit-value access issue, as reported by KMSAN. The vulnerability can be exploited by creating a socket with the AF VSOCK family and connecting to a specific address, which can cause the kernel to access uninitialized memory.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the virtio/vsock vulnerability. Specifically, versions 6.6.0-rc3 and later should include the necessary patch to initialize the buf alloc and fwd cnt fields during skb allocation.

As a temporary workaround, consider disabling the virtio/vsock feature until a patched kernel version is available. However, this may have implications for virtual socket functionality and should be carefully evaluated before implementation.

Note: The provided information does not specify the exact version where the fix is included, but it mentions that the issue is resolved in version 6.6.0-rc3. Therefore, updating to this version or later should mitigate the vulnerability.