PT-2025-49078 · Linux · Linux Kernel
Published 2025-04-12 · Updated 2026-05-26 · CVE-2025-40248
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the Linux kernel's vsock implementation. The issue arises when a signal or timeout is handled during a connect() call on an already established socket. Reacting to the signal or timeout by disconnecting the established socket races with other operations on that socket, such as sendmsg(). Possible consequences include a permanently elevated vvs->bytes_unsent counter, broken sockmap assumptions because the disconnected socket remains in the sockmap, and a use-after-free or NULL-pointer dereference if a transport change or drop occurs after the socket has reached TCP_ESTABLISHED. The fix is to not disconnect the socket on a signal or timeout once it is established, while keeping the existing behaviour for unconnected sockets. In the racing path, connect() may invoke vsock_transport_cancel_pkt(), which calls virtio_transport_purge_skbs(), concurrently with sendmsg() invoking virtio_transport_get_credit().
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Affected Products
Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu