CVE-2024-53091

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.65

Description A vulnerability in the Linux kernel has been resolved. The issue is related to the introduction of support for vsock and unix sockets in sockmap, where the function tls sw has ctx tx/rx cannot presume the socket passed in must be IS ICSK. This can cause tls get ctx to return an invalid pointer and result in a page fault in the function tls sw ctx rx. The error is characterized by an inability to handle a page fault for a specific address. Technical details include the involvement of sk psock strp data ready and virtio transport recv pkt functions.

Recommendations To resolve the issue, update to Linux kernel version 6.6.65 or later. As a temporary workaround, consider restricting the use of the vulnerable tls sw has ctx tx/rx function until a patch is available. Additionally, be cautious when using vsock and af unix sockets, as they may be affected by this issue.