cvelistv5 - cve-2025-40248

CVE-2025-40248 (GCVE-0-2025-40248)

Vulnerability from cvelistv5

Published

2025-12-04 16:08

Modified

2025-12-06 21:38

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling. 2. connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs. 3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref. Do not disconnect socket on signal/timeout. Keep the logic for unconnected sockets: they don't linger, can't be placed in a sockmap, are rejected by sendmsg(). [1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/ [2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/ [3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/

References

URL

Tags

	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5

Impacted products

Vendor

Product

Version

Linux

Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238
Version: d021c344051af91f42c5ba9fdedc176740cbd238

Linux

Version: 3.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3f71753935d648082a8279a97d30efe6b85be680",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "da664101fb4a0de5cb70d2bae6a650df954df2af",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "67432915145848658149683101104e32f9fd6559",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "eeca93f06df89be5a36305b7b9dae1ed65550dfc",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "5998da5a8208ae9ad7838ba322bccb2bdcd95e81",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "f1c170cae285e4b8f61be043bb17addc3d0a14b5",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "ab6b19f690d89ae4709fba73a3c4a7911f495b7a",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            },
            {
              "lessThan": "002541ef650b742a198e4be363881439bb9d86b4",
              "status": "affected",
              "version": "d021c344051af91f42c5ba9fdedc176740cbd238",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/vmw_vsock/af_vsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.302",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.247",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.118",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.60",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.302",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.247",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.197",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.159",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.118",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.60",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Ignore signal/timeout on connect() if already established\n\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\n   virtio_transport_purge_skbs() may race with sendmsg() invoking\n   virtio_transport_get_credit(). This results in a permanently elevated\n   `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n\n2. connect() resetting a connected socket\u0027s state may race with socket\n   being placed in a sockmap. A disconnected socket remaining in a sockmap\n   breaks sockmap\u0027s assumptions. And gives rise to WARNs.\n\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\n   transport change/drop after TCP_ESTABLISHED. Which poses a problem for\n   any simultaneous sendmsg() or connect() and may result in a\n   use-after-free/null-ptr-deref.\n\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don\u0027t linger, can\u0027t be placed in a sockmap, are rejected by\nsendmsg().\n\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-06T21:38:46.423Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680"
        },
        {
          "url": "https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af"
        },
        {
          "url": "https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559"
        },
        {
          "url": "https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc"
        },
        {
          "url": "https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4"
        }
      ],
      "title": "vsock: Ignore signal/timeout on connect() if already established",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40248",
    "datePublished": "2025-12-04T16:08:11.509Z",
    "dateReserved": "2025-04-16T07:20:57.181Z",
    "dateUpdated": "2025-12-06T21:38:46.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40248\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-04T16:16:18.240\",\"lastModified\":\"2025-12-06T22:15:52.643\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nvsock: Ignore signal/timeout on connect() if already established\\n\\nDuring connect(), acting on a signal/timeout by disconnecting an already\\nestablished socket leads to several issues:\\n\\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\\n   virtio_transport_purge_skbs() may race with sendmsg() invoking\\n   virtio_transport_get_credit(). This results in a permanently elevated\\n   `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\\n\\n2. connect() resetting a connected socket\u0027s state may race with socket\\n   being placed in a sockmap. A disconnected socket remaining in a sockmap\\n   breaks sockmap\u0027s assumptions. And gives rise to WARNs.\\n\\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\\n   transport change/drop after TCP_ESTABLISHED. Which poses a problem for\\n   any simultaneous sendmsg() or connect() and may result in a\\n   use-after-free/null-ptr-deref.\\n\\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\\nsockets: they don\u0027t linger, can\u0027t be placed in a sockmap, are rejected by\\nsendmsg().\\n\\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

msrc_cve-2025-40248

Vulnerability from csaf_microsoft

Published

2025-12-02 00:00

Modified

2025-12-07 01:44

Summary

vsock: Ignore signal/timeout on connect() if already established

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40248.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "vsock: Ignore signal/timeout on connect() if already established",
    "tracking": {
      "current_release_date": "2025-12-07T01:44:41.000Z",
      "generator": {
        "date": "2025-12-07T14:48:35.235Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-40248",
      "initial_release_date": "2025-12-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-12-06T01:02:48.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-12-07T01:44:41.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.112.1-2",
                "product": {
                  "name": "azl3 kernel 6.6.112.1-2",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.117.1-1",
                "product": {
                  "name": "azl3 kernel 6.6.117.1-1",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.112.1-2 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.117.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-40248",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-2",
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40248.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-12-06T01:02:48.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-2"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-12-06T01:02:48.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "title": "vsock: Ignore signal/timeout on connect() if already established"
    }
  ]
}

ghsa-j4rg-4m7w-4hr3

Vulnerability from github

Published

2025-12-04 18:30

Modified

2025-12-07 00:30

Details

In the Linux kernel, the following vulnerability has been resolved:

vsock: Ignore signal/timeout on connect() if already established

During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues:

connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated vvs->bytes_unsent. Which, in turn, confuses the SOCK_LINGER handling.
connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs.
connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref.

Do not disconnect socket on signal/timeout. Keep the logic for unconnected sockets: they don't linger, can't be placed in a sockmap, are rejected by sendmsg().

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40248"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-04T16:16:18Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Ignore signal/timeout on connect() if already established\n\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\n   virtio_transport_purge_skbs() may race with sendmsg() invoking\n   virtio_transport_get_credit(). This results in a permanently elevated\n   `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n\n2. connect() resetting a connected socket\u0027s state may race with socket\n   being placed in a sockmap. A disconnected socket remaining in a sockmap\n   breaks sockmap\u0027s assumptions. And gives rise to WARNs.\n\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\n   transport change/drop after TCP_ESTABLISHED. Which poses a problem for\n   any simultaneous sendmsg() or connect() and may result in a\n   use-after-free/null-ptr-deref.\n\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don\u0027t linger, can\u0027t be placed in a sockmap, are rejected by\nsendmsg().\n\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/",
  "id": "GHSA-j4rg-4m7w-4hr3",
  "modified": "2025-12-07T00:30:56Z",
  "published": "2025-12-04T18:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40248"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2025-AVI-1078

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 msft-golang 1.24.9-1
Microsoft	N/A	cbl2 golang 1.22.7-5
Microsoft	N/A	azl3 golang 1.23.12-1
Microsoft	N/A	cbl2 python3 3.9.19-16
Microsoft	N/A	cbl2 python-tensorboard 2.11.0-3
Microsoft	N/A	cbl2 qt5-qtbase 5.12.11-18
Microsoft	N/A	cbl2 reaper 3.1.1-21
Microsoft	N/A	cbl2 python3 3.9.19-17
Microsoft	N/A	azl3 python-tensorboard 2.16.2-6
Microsoft	N/A	azl3 kernel 6.6.112.1-2
Microsoft	N/A	cbl2 vim 9.1.1616-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 tensorflow 2.16.1-9
Microsoft	N/A	cbl2 gcc 11.2.0-8
Microsoft	N/A	azl3 vim 9.1.1616-1
Microsoft	N/A	azl3 golang 1.25.3-1
Microsoft	N/A	azl3 pgbouncer 1.24.1-1
Microsoft	N/A	cbl2 tensorflow 2.11.1-2
Microsoft	N/A	azl3 libpng 1.6.40-1 versions antérieures à 1.6.52-1
Microsoft	N/A	azl3 gcc 13.2.0-7
Microsoft	N/A	azl3 python3 3.12.9-5
Microsoft	N/A	cbl2 golang 1.18.8-10
Microsoft	N/A	cbl2 reaper 3.1.1-19

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-40254	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40257	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40245	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40258	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50304	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40219	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40233	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40244	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-53209	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61729	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40262	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40253	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40223	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40217	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-6485	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40252	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40250	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40261	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40215	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40264	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40263	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12084	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12385	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-12819	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61727	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40242	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40259	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50303	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40243	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40251	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40247	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40220	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66476	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40240	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40248	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13836	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-66293	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-53231	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40218	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-13837	2025-12-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40266	2025-12-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-34297	2025-12-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 msft-golang 1.24.9-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.22.7-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.23.12-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python-tensorboard 2.11.0-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 qt5-qtbase 5.12.11-18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 reaper 3.1.1-21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python-tensorboard 2.16.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.112.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 vim 9.1.1616-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 tensorflow 2.16.1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 gcc 11.2.0-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 vim 9.1.1616-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 golang 1.25.3-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 pgbouncer 1.24.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 tensorflow 2.11.1-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libpng 1.6.40-1 versions ant\u00e9rieures \u00e0 1.6.52-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 gcc 13.2.0-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python3 3.12.9-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 golang 1.18.8-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 reaper 3.1.1-19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-40254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
    },
    {
      "name": "CVE-2025-40219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
    },
    {
      "name": "CVE-2025-40240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
    },
    {
      "name": "CVE-2025-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
    },
    {
      "name": "CVE-2023-53209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53209"
    },
    {
      "name": "CVE-2025-40251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
    },
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2022-50304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50304"
    },
    {
      "name": "CVE-2025-40245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
    },
    {
      "name": "CVE-2025-40233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
    },
    {
      "name": "CVE-2025-40242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
    },
    {
      "name": "CVE-2025-61727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
    },
    {
      "name": "CVE-2025-40252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
    },
    {
      "name": "CVE-2025-40218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40218"
    },
    {
      "name": "CVE-2025-40220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
    },
    {
      "name": "CVE-2025-40257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
    },
    {
      "name": "CVE-2025-40263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    },
    {
      "name": "CVE-2025-66293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
    },
    {
      "name": "CVE-2025-40250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40250"
    },
    {
      "name": "CVE-2025-40264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
    },
    {
      "name": "CVE-2025-66476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66476"
    },
    {
      "name": "CVE-2022-50303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50303"
    },
    {
      "name": "CVE-2025-40243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
    },
    {
      "name": "CVE-2025-40266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-12385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12385"
    },
    {
      "name": "CVE-2023-53231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53231"
    },
    {
      "name": "CVE-2025-40247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40247"
    },
    {
      "name": "CVE-2025-40215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
    },
    {
      "name": "CVE-2025-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40217"
    },
    {
      "name": "CVE-2025-40248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
    },
    {
      "name": "CVE-2025-40259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40259"
    },
    {
      "name": "CVE-2025-40253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
    },
    {
      "name": "CVE-2025-12819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12819"
    },
    {
      "name": "CVE-2025-40258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
    },
    {
      "name": "CVE-2025-34297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-34297"
    },
    {
      "name": "CVE-2025-40262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
    },
    {
      "name": "CVE-2025-40261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
    },
    {
      "name": "CVE-2025-40244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
    },
    {
      "name": "CVE-2025-40223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
    },
    {
      "name": "CVE-2025-61729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
    }
  ],
  "initial_release_date": "2025-12-08T00:00:00",
  "last_revision_date": "2025-12-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1078",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40254",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40254"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40257",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40257"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40245",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40245"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40258",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40258"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50304",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50304"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40219"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40233",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40233"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40244",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40244"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53209"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61729",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40262",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40262"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40253",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40253"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40223",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40223"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40217"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-6485",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6485"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40252",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40252"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40250",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40250"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40261",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40261"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40215"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40264",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40264"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40263",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40263"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12084",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12084"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12385",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12385"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12819",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12819"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61727",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40242",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40242"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40259",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40259"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50303",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50303"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40243",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40243"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40251",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40251"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40247",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40247"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40220"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66476",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66476"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40240",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40240"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40248",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40248"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13836",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13836"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66293",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66293"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53231",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53231"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40218"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13837",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13837"
    },
    {
      "published_at": "2025-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40266"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-34297",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-34297"
    }
  ]
}

fkie_cve-2025-40248

Vulnerability from fkie_nvd

Published

2025-12-04 16:16

Modified

2025-12-06 22:15

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Ignore signal/timeout on connect() if already established\n\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\n   virtio_transport_purge_skbs() may race with sendmsg() invoking\n   virtio_transport_get_credit(). This results in a permanently elevated\n   `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n\n2. connect() resetting a connected socket\u0027s state may race with socket\n   being placed in a sockmap. A disconnected socket remaining in a sockmap\n   breaks sockmap\u0027s assumptions. And gives rise to WARNs.\n\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\n   transport change/drop after TCP_ESTABLISHED. Which poses a problem for\n   any simultaneous sendmsg() or connect() and may result in a\n   use-after-free/null-ptr-deref.\n\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don\u0027t linger, can\u0027t be placed in a sockmap, are rejected by\nsendmsg().\n\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/"
    }
  ],
  "id": "CVE-2025-40248",
  "lastModified": "2025-12-06T22:15:52.643",
  "metrics": {},
  "published": "2025-12-04T16:16:18.240",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-40248 (GCVE-0-2025-40248)

Vulnerability from cvelistv5

msrc_cve-2025-40248

Vulnerability from csaf_microsoft

ghsa-j4rg-4m7w-4hr3

Vulnerability from github

CERTFR-2025-AVI-1078

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-40248

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature