
[LTS 9.2] vsock: CVE-2025-40248 #946

Open
pvts-mat wants to merge 2 commits into ctrliq:ciqlts9_2 from pvts-mat:ciqlts9_2-CVE-2025-40248

pvts-mat commented Mar 8, 2026

[LTS 9.2]

CVE-2025-40248 VULN-160780

Commits

CVE-2025-40248

vsock: avoid to close connected socket after the timeout

jira VULN-160780
cve-pre CVE-2025-40248
commit-author Zhuang Shengen <zhuangshengen@huawei.com>
commit 6d4486efe9c69626cab423456169e250a5cd3af5

vsock: Ignore signal/timeout on connect() if already established

jira VULN-160780
cve CVE-2025-40248
commit-author Michal Luczaj <mhal@rbox.co>
commit 002541ef650b742a198e4be363881439bb9d86b4

See also the solution for CBR 7.9. Unlike in that case, here a single prerequisite was enough to obtain a cleanly cherry-picking solution.

kABI check: passed

[0/1] kabi_check_kernel	Check ABI of kernel [ciqlts9_2-CVE-2025-40248]	_kabi_check_kernel__x86_64--test--ciqlts9_2-CVE-2025-40248
+ dist_git_version=el-9.2
+ local_version=ciqlts9_2-CVE-2025-40248
+ arch=x86_64
+ user=pvts
+ buildmachine=x86_64--build--ciqlts9_2
+ virsh_timeout=600
+ ssh_daemon_wait=20
+ src_dir=/mnt/code/kernel-dist-git-el-9.2
+ build_dir=/mnt/build_files/kernel-src-tree-ciqlts9_2-CVE-2025-40248
+ sudo chmod +x /data/src/ctrliq-github-haskell/kernel-dist-git-el-9.2/SOURCES/check-kabi
+ ninja-back/virssh.xsh --max 8 --shutdown-on-success --shutdown-on-failure --timeout 600 --ssh-daemon-wait 20 pvts x86_64--build--ciqlts9_2 ''\''/mnt/code/kernel-dist-git-el-9.2/SOURCES/check-kabi'\'' -k '\''/mnt/code/kernel-dist-git-el-9.2/SOURCES/Module.kabi_x86_64'\'' -s '\''/mnt/build_files/kernel-src-tree-ciqlts9_2-CVE-2025-40248/Module.symvers'\'''
kABI check passed
+ touch state/kernels/ciqlts9_2-CVE-2025-40248/x86_64/kabi_checked

Boot test: passed

boot-test.log

Kselftests: passed relative

Reference

kselftests--ciqlts9_2--run1.log

Patch

kselftests--ciqlts9_2-CVE-2025-40248--run1.log
kselftests--ciqlts9_2-CVE-2025-40248--run2.log

Comparison

The test results for the reference and the patch are the same.

$ ktests.xsh diff  kselftests*.log

Column    File
--------  ----------------------------------------------
Status0   kselftests--ciqlts9_2--run1.log
Status1   kselftests--ciqlts9_2-CVE-2025-40248--run1.log
Status2   kselftests--ciqlts9_2-CVE-2025-40248--run2.log

TestCase                                               Status0  Status1  Status2  Summary
bpf:test_bpftool.sh                                    pass     pass     pass     same
bpf:test_bpftool_build.sh                              pass     pass     pass     same
bpf:test_bpftool_metadata.sh                           pass     pass     pass     same
bpf:test_cgroup_storage                                pass     pass     pass     same
bpf:test_doc_build.sh                                  pass     pass     pass     same
bpf:test_flow_dissector.sh                             fail     fail     fail     same
bpf:test_lirc_mode2.sh                                 pass     pass     pass     same
bpf:test_lpm_map                                       pass     pass     pass     same
bpf:test_lru_map                                       pass     pass     pass     same
bpf:test_lwt_ip_encap.sh                               pass     pass     pass     same
bpf:test_lwt_seg6local.sh                              pass     pass     pass     same
bpf:test_offload.py                                    fail     fail     fail     same
bpf:test_sock                                          pass     pass     pass     same
bpf:test_sock_addr.sh                                  pass     pass     pass     same
bpf:test_sysctl                                        pass     pass     pass     same
bpf:test_tag                                           pass     pass     pass     same
bpf:test_tc_edt.sh                                     pass     pass     pass     same
bpf:test_tc_tunnel.sh                                  fail     fail     fail     same
bpf:test_tcp_check_syncookie.sh                        pass     pass     pass     same
bpf:test_tcpnotify_user                                pass     pass     pass     same
bpf:test_tunnel.sh                                     fail     fail     fail     same
bpf:test_verifier                                      fail     fail     fail     same
bpf:test_xdp_meta.sh                                   pass     pass     pass     same
bpf:test_xdp_redirect.sh                               pass     pass     pass     same
bpf:test_xdp_redirect_multi.sh                         pass     pass     pass     same
bpf:test_xdp_veth.sh                                   pass     pass     pass     same
bpf:test_xdp_vlan_mode_generic.sh                      pass     pass     pass     same
bpf:test_xdp_vlan_mode_native.sh                       pass     pass     pass     same
bpf:test_xdping.sh                                     pass     pass     pass     same
breakpoints:breakpoint_test                            pass     pass     pass     same
capabilities:test_execve                               pass     pass     pass     same
cgroup:test_core                                       fail     fail     fail     same
cgroup:test_cpuset_prs.sh                              pass     pass     pass     same
cgroup:test_kill                                       pass     pass     pass     same
cgroup:test_kmem                                       pass     pass     pass     same
cgroup:test_stress.sh                                  fail     fail     fail     same
clone3:clone3                                          pass     pass     pass     same
clone3:clone3_cap_checkpoint_restore                   pass     pass     pass     same
clone3:clone3_clear_sighand                            pass     pass     pass     same
clone3:clone3_set_tid                                  pass     pass     pass     same
core:close_range_test                                  pass     pass     pass     same
cpu-hotplug:cpu-on-off-test.sh                         pass     pass     pass     same
cpufreq:main.sh                                        fail     fail     fail     same
drivers/dma-buf:udmabuf                                pass     pass     pass     same
drivers/net/bonding:bond-arp-interval-causes-panic.sh  pass     pass     pass     same
drivers/net/bonding:bond-break-lacpdu-tx.sh            pass     pass     pass     same
drivers/net/bonding:bond-lladdr-target.sh              pass     pass     pass     same
drivers/net/bonding:dev_addr_lists.sh                  pass     pass     pass     same
drivers/net/bonding:mode-1-recovery-updelay.sh         pass     pass     pass     same
drivers/net/bonding:mode-2-recovery-updelay.sh         pass     pass     pass     same
drivers/net/team:dev_addr_lists.sh                     pass     pass     pass     same
filesystems/binderfs:binderfs_test                     fail     fail     fail     same
firmware:fw_run_tests.sh                               skip     skip     skip     same
fpu:run_test_fpu.sh                                    skip     skip     skip     same
fpu:test_fpu                                           pass     pass     pass     same
ftrace:ftracetest                                      fail     fail     fail     same
futex:run.sh                                           pass     pass     pass     same
gpio:gpio-mockup.sh                                    fail     fail     fail     same
intel_pstate:run.sh                                    pass     pass     pass     same
ipc:msgque                                             pass     pass     pass     same
ir:ir_loopback.sh                                      skip     skip     skip     same
kcmp:kcmp_test                                         pass     pass     pass     same
kexec:test_kexec_file_load.sh                          skip     skip     skip     same
kexec:test_kexec_load.sh                               skip     skip     skip     same
kvm:access_tracking_perf_test                          pass     pass     pass     same
kvm:amx_test                                           fail     fail     fail     same
kvm:cpuid_test                                         fail     fail     fail     same
kvm:cr4_cpuid_sync_test                                fail     fail     fail     same
kvm:debug_regs                                         fail     fail     fail     same
kvm:demand_paging_test                                 pass     pass     pass     same
kvm:dirty_log_perf_test                                pass     pass     pass     same
kvm:dirty_log_test                                     fail     fail     fail     same
kvm:emulator_error_test                                fail     fail     fail     same
kvm:evmcs_test                                         fail     fail     fail     same
kvm:fix_hypercall_test                                 fail     fail     fail     same
kvm:get_msr_index_features                             fail     fail     fail     same
kvm:hardware_disable_test                              pass     pass     pass     same
kvm:hyperv_clock                                       fail     fail     fail     same
kvm:hyperv_cpuid                                       fail     fail     fail     same
kvm:hyperv_features                                    fail     fail     fail     same
kvm:hyperv_svm_test                                    fail     fail     fail     same
kvm:kvm_binary_stats_test                              pass     pass     pass     same
kvm:kvm_clock_test                                     fail     fail     fail     same
kvm:kvm_create_max_vcpus                               pass     pass     pass     same
kvm:kvm_page_table_test                                pass     pass     pass     same
kvm:kvm_pv_test                                        fail     fail     fail     same
kvm:max_guest_memory_test                              pass     pass     pass     same
kvm:max_vcpuid_cap_test                                fail     fail     fail     same
kvm:memslot_modification_stress_test                   pass     pass     pass     same
kvm:memslot_perf_test                                  pass     pass     pass     same
kvm:mmio_warning_test                                  fail     fail     fail     same
kvm:monitor_mwait_test                                 fail     fail     fail     same
kvm:nx_huge_pages_test.sh                              fail     fail     fail     same
kvm:platform_info_test                                 fail     fail     fail     same
kvm:pmu_event_filter_test                              fail     fail     fail     same
kvm:rseq_test                                          fail     fail     fail     same
kvm:set_boot_cpu_id                                    fail     fail     fail     same
kvm:set_memory_region_test                             pass     pass     pass     same
kvm:set_sregs_test                                     fail     fail     fail     same
kvm:sev_migrate_tests                                  fail     fail     fail     same
kvm:smm_test                                           fail     fail     fail     same
kvm:state_test                                         fail     fail     fail     same
kvm:steal_time                                         pass     pass     pass     same
kvm:svm_int_ctl_test                                   fail     fail     fail     same
kvm:svm_nested_soft_inject_test                        fail     fail     fail     same
kvm:svm_vmcall_test                                    fail     fail     fail     same
kvm:sync_regs_test                                     fail     fail     fail     same
kvm:system_counter_offset_test                         pass     pass     pass     same
kvm:triple_fault_event_test                            fail     fail     fail     same
kvm:tsc_msrs_test                                      fail     fail     fail     same
kvm:tsc_scaling_sync                                   fail     fail     fail     same
kvm:ucna_injection_test                                fail     fail     fail     same
kvm:userspace_io_test                                  fail     fail     fail     same
kvm:userspace_msr_exit_test                            fail     fail     fail     same
kvm:vmx_apic_access_test                               fail     fail     fail     same
kvm:vmx_close_while_nested_test                        fail     fail     fail     same
kvm:vmx_dirty_log_test                                 fail     fail     fail     same
kvm:vmx_exception_with_invalid_guest_state             fail     fail     fail     same
kvm:vmx_invalid_nested_guest_state                     fail     fail     fail     same
kvm:vmx_msrs_test                                      fail     fail     fail     same
kvm:vmx_nested_tsc_scaling_test                        fail     fail     fail     same
kvm:vmx_pmu_caps_test                                  fail     fail     fail     same
kvm:vmx_preemption_timer_test                          fail     fail     fail     same
kvm:vmx_set_nested_state_test                          fail     fail     fail     same
kvm:vmx_tsc_adjust_test                                fail     fail     fail     same
kvm:xapic_ipi_test                                     fail     fail     fail     same
kvm:xapic_state_test                                   fail     fail     fail     same
kvm:xen_shinfo_test                                    fail     fail     fail     same
kvm:xen_vmcall_test                                    fail     fail     fail     same
kvm:xss_msr_test                                       fail     fail     fail     same
landlock:base_test                                     fail     fail     fail     same
landlock:fs_test                                       fail     fail     fail     same
landlock:ptrace_test                                   fail     fail     fail     same
lib:bitmap.sh                                          skip     skip     skip     same
lib:prime_numbers.sh                                   skip     skip     skip     same
lib:printf.sh                                          skip     skip     skip     same
lib:scanf.sh                                           skip     skip     skip     same
lib:strscpy.sh                                         skip     skip     skip     same
livepatch:test-callbacks.sh                            skip     skip     skip     same
livepatch:test-ftrace.sh                               skip     skip     skip     same
livepatch:test-livepatch.sh                            skip     skip     skip     same
livepatch:test-shadow-vars.sh                          skip     skip     skip     same
livepatch:test-state.sh                                skip     skip     skip     same
membarrier:membarrier_test_multi_thread                pass     pass     pass     same
membarrier:membarrier_test_single_thread               pass     pass     pass     same
memfd:memfd_test                                       pass     pass     pass     same
memfd:run_fuse_test.sh                                 pass     pass     pass     same
memfd:run_hugetlbfs_test.sh                            pass     pass     pass     same
memory-hotplug:mem-on-off-test.sh                      pass     pass     pass     same
mincore:mincore_selftest                               fail     fail     fail     same
mount:run_nosymfollow.sh                               pass     pass     pass     same
mount:run_unprivileged_remount.sh                      pass     pass     pass     same
mqueue:mq_open_tests                                   pass     pass     pass     same
mqueue:mq_perf_tests                                   pass     pass     pass     same
nci:nci_dev                                            fail     fail     fail     same
net/forwarding:bridge_locked_port.sh                   pass     pass     pass     same
net/forwarding:bridge_mld.sh                           fail     fail     fail     same
net/forwarding:bridge_port_isolation.sh                pass     pass     pass     same
net/forwarding:bridge_sticky_fdb.sh                    pass     pass     pass     same
net/forwarding:bridge_vlan_aware.sh                    fail     fail     fail     same
net/forwarding:bridge_vlan_mcast.sh                    fail     fail     fail     same
net/forwarding:bridge_vlan_unaware.sh                  pass     pass     pass     same
net/forwarding:custom_multipath_hash.sh                fail     fail     fail     same
net/forwarding:ethtool.sh                              fail     fail     fail     same
net/forwarding:ethtool_extended_state.sh               fail     fail     fail     same
net/forwarding:gre_custom_multipath_hash.sh            fail     fail     fail     same
net/forwarding:gre_inner_v4_multipath.sh               fail     fail     fail     same
net/forwarding:gre_multipath.sh                        fail     fail     fail     same
net/forwarding:gre_multipath_nh.sh                     fail     fail     fail     same
net/forwarding:gre_multipath_nh_res.sh                 fail     fail     fail     same
net/forwarding:hw_stats_l3.sh                          fail     fail     fail     same
net/forwarding:hw_stats_l3_gre.sh                      fail     fail     fail     same
net/forwarding:ip6_forward_instats_vrf.sh              fail     fail     fail     same
net/forwarding:ip6gre_custom_multipath_hash.sh         fail     fail     fail     same
net/forwarding:ip6gre_flat.sh                          pass     pass     pass     same
net/forwarding:ip6gre_flat_key.sh                      pass     pass     pass     same
net/forwarding:ip6gre_flat_keys.sh                     pass     pass     pass     same
net/forwarding:ip6gre_hier.sh                          pass     pass     pass     same
net/forwarding:ip6gre_hier_key.sh                      pass     pass     pass     same
net/forwarding:ip6gre_hier_keys.sh                     pass     pass     pass     same
net/forwarding:ip6gre_inner_v4_multipath.sh            fail     fail     fail     same
net/forwarding:ip6gre_inner_v6_multipath.sh            fail     fail     fail     same
net/forwarding:ipip_flat_gre.sh                        pass     pass     pass     same
net/forwarding:ipip_flat_gre_key.sh                    pass     pass     pass     same
net/forwarding:ipip_flat_gre_keys.sh                   pass     pass     pass     same
net/forwarding:ipip_hier_gre.sh                        pass     pass     pass     same
net/forwarding:ipip_hier_gre_key.sh                    pass     pass     pass     same
net/forwarding:loopback.sh                             skip     skip     skip     same
net/forwarding:mirror_gre.sh                           fail     fail     fail     same
net/forwarding:mirror_gre_bound.sh                     pass     pass     pass     same
net/forwarding:mirror_gre_bridge_1d.sh                 pass     pass     pass     same
net/forwarding:mirror_gre_bridge_1q.sh                 pass     pass     pass     same
net/forwarding:mirror_gre_bridge_1q_lag.sh             pass     pass     pass     same
net/forwarding:mirror_gre_changes.sh                   fail     fail     fail     same
net/forwarding:mirror_gre_flower.sh                    fail     fail     fail     same
net/forwarding:mirror_gre_lag_lacp.sh                  pass     pass     pass     same
net/forwarding:mirror_gre_neigh.sh                     pass     pass     pass     same
net/forwarding:mirror_gre_nh.sh                        pass     pass     pass     same
net/forwarding:mirror_gre_vlan.sh                      pass     pass     pass     same
net/forwarding:mirror_vlan.sh                          pass     pass     pass     same
net/forwarding:pedit_dsfield.sh                        pass     pass     pass     same
net/forwarding:pedit_ip.sh                             pass     pass     pass     same
net/forwarding:pedit_l4port.sh                         pass     pass     pass     same
net/forwarding:q_in_vni_ipv6.sh                        pass     pass     pass     same
net/forwarding:router.sh                               skip     skip     skip     same
net/forwarding:router_bridge.sh                        pass     pass     pass     same
net/forwarding:router_bridge_vlan.sh                   pass     pass     pass     same
net/forwarding:router_broadcast.sh                     pass     pass     pass     same
net/forwarding:router_mpath_nh.sh                      fail     fail     fail     same
net/forwarding:router_mpath_nh_res.sh                  fail     fail     fail     same
net/forwarding:router_multicast.sh                     skip     skip     skip     same
net/forwarding:router_multipath.sh                     fail     fail     fail     same
net/forwarding:router_nh.sh                            pass     pass     pass     same
net/forwarding:router_vid_1.sh                         pass     pass     pass     same
net/forwarding:skbedit_priority.sh                     pass     pass     pass     same
net/forwarding:tc_chains.sh                            pass     pass     pass     same
net/forwarding:tc_flower.sh                            pass     pass     pass     same
net/forwarding:tc_flower_router.sh                     pass     pass     pass     same
net/forwarding:tc_mpls_l2vpn.sh                        pass     pass     pass     same
net/forwarding:tc_shblocks.sh                          pass     pass     pass     same
net/forwarding:tc_vlan_modify.sh                       pass     pass     pass     same
net/forwarding:vxlan_asymmetric.sh                     pass     pass     pass     same
net/forwarding:vxlan_asymmetric_ipv6.sh                pass     pass     pass     same
net/forwarding:vxlan_bridge_1d.sh                      fail     fail     fail     same
net/forwarding:vxlan_bridge_1d_port_8472.sh            pass     pass     pass     same
net/forwarding:vxlan_bridge_1d_port_8472_ipv6.sh       fail     fail     fail     same
net/forwarding:vxlan_bridge_1q.sh                      fail     fail     fail     same
net/forwarding:vxlan_bridge_1q_ipv6.sh                 fail     fail     fail     same
net/forwarding:vxlan_bridge_1q_port_8472.sh            pass     pass     pass     same
net/forwarding:vxlan_bridge_1q_port_8472_ipv6.sh       fail     fail     fail     same
net/forwarding:vxlan_symmetric.sh                      pass     pass     pass     same
net/forwarding:vxlan_symmetric_ipv6.sh                 pass     pass     pass     same
net/mptcp:diag.sh                                      pass     pass     pass     same
net/mptcp:mptcp_connect.sh                             pass     pass     pass     same
net/mptcp:mptcp_sockopt.sh                             pass     pass     pass     same
net/mptcp:pm_netlink.sh                                pass     pass     pass     same
net:altnames.sh                                        pass     pass     pass     same
net:bareudp.sh                                         pass     pass     pass     same
net:cmsg_so_mark.sh                                    pass     pass     pass     same
net:devlink_port_split.py                              skip     skip     skip     same
net:drop_monitor_tests.sh                              skip     skip     skip     same
net:fcnal-test.sh                                      skip     skip     skip     same
net:fib-onlink-tests.sh                                pass     pass     pass     same
net:fib_nexthop_multiprefix.sh                         pass     pass     pass     same
net:fib_rule_tests.sh                                  pass     pass     pass     same
net:fib_tests.sh                                       fail     fail     fail     same
net:fin_ack_lat.sh                                     pass     pass     pass     same
net:gre_gso.sh                                         pass     pass     pass     same
net:icmp.sh                                            fail     fail     fail     same
net:icmp_redirect.sh                                   pass     pass     pass     same
net:ip6_gre_headroom.sh                                pass     pass     pass     same
net:ipv6_flowlabel.sh                                  pass     pass     pass     same
net:l2tp.sh                                            pass     pass     pass     same
net:msg_zerocopy.sh                                    pass     pass     pass     same
net:netdevice.sh                                       pass     pass     pass     same
net:pmtu.sh                                            pass     pass     pass     same
net:psock_snd.sh                                       pass     pass     pass     same
net:reuseaddr_conflict                                 pass     pass     pass     same
net:reuseaddr_ports_exhausted.sh                       pass     pass     pass     same
net:reuseport_bpf                                      pass     pass     pass     same
net:reuseport_bpf_cpu                                  pass     pass     pass     same
net:reuseport_bpf_numa                                 pass     pass     pass     same
net:reuseport_dualstack                                pass     pass     pass     same
net:route_localnet.sh                                  pass     pass     pass     same
net:rps_default_mask.sh                                fail     fail     fail     same
net:rtnetlink.sh                                       skip     skip     skip     same
net:run_afpackettests                                  pass     pass     pass     same
net:run_netsocktests                                   pass     pass     pass     same
net:rxtimestamp.sh                                     pass     pass     pass     same
net:so_txtime.sh                                       pass     pass     pass     same
net:stress_reuseport_listen.sh                         pass     pass     pass     same
net:tcp_fastopen_backup_key.sh                         pass     pass     pass     same
net:test_blackhole_dev.sh                              fail     fail     fail     same
net:test_bpf.sh                                        pass     pass     pass     same
net:test_vxlan_fdb_changelink.sh                       pass     pass     pass     same
net:test_vxlan_under_vrf.sh                            pass     pass     pass     same
net:tls                                                pass     pass     pass     same
net:traceroute.sh                                      pass     pass     pass     same
net:udpgro.sh                                          fail     fail     fail     same
net:udpgro_bench.sh                                    fail     fail     fail     same
net:udpgso.sh                                          pass     pass     pass     same
net:unicast_extensions.sh                              pass     pass     pass     same
net:veth.sh                                            fail     fail     fail     same
net:vrf-xfrm-tests.sh                                  pass     pass     pass     same
net:vrf_route_leaking.sh                               fail     fail     fail     same
net:vrf_strict_mode_test.sh                            pass     pass     pass     same
netfilter:bridge_brouter.sh                            skip     skip     skip     same
netfilter:conntrack_icmp_related.sh                    fail     fail     fail     same
netfilter:conntrack_tcp_unreplied.sh                   pass     pass     pass     same
netfilter:conntrack_vrf.sh                             pass     pass     pass     same
netfilter:ipvs.sh                                      pass     pass     pass     same
netfilter:nf_nat_edemux.sh                             fail     fail     fail     same
netfilter:nft_concat_range.sh                          fail     fail     fail     same
netfilter:nft_conntrack_helper.sh                      skip     skip     skip     same
netfilter:nft_fib.sh                                   skip     skip     skip     same
netfilter:nft_flowtable.sh                             fail     fail     fail     same
netfilter:nft_meta.sh                                  pass     pass     pass     same
netfilter:nft_nat.sh                                   skip     skip     skip     same
netfilter:nft_queue.sh                                 skip     skip     skip     same
netfilter:rpath.sh                                     pass     pass     pass     same
nsfs:owner                                             pass     pass     pass     same
nsfs:pidns                                             pass     pass     pass     same
openat2:openat2_test                                   fail     fail     fail     same
openat2:rename_attack_test                             pass     pass     pass     same
openat2:resolve_test                                   fail     fail     fail     same
pid_namespace:regression_enomem                        pass     pass     pass     same
pidfd:pidfd_fdinfo_test                                pass     pass     pass     same
pidfd:pidfd_getfd_test                                 pass     pass     pass     same
pidfd:pidfd_open_test                                  pass     pass     pass     same
pidfd:pidfd_poll_test                                  pass     pass     pass     same
pidfd:pidfd_setns_test                                 pass     pass     pass     same
pidfd:pidfd_test                                       pass     pass     pass     same
pidfd:pidfd_wait                                       pass     pass     pass     same
proc:fd-001-lookup                                     pass     pass     pass     same
proc:fd-002-posix-eq                                   pass     pass     pass     same
proc:fd-003-kthread                                    pass     pass     pass     same
proc:proc-fsconfig-hidepid                             pass     pass     pass     same
proc:proc-loadavg-001                                  pass     pass     pass     same
proc:proc-multiple-procfs                              pass     pass     pass     same
proc:proc-self-map-files-001                           pass     pass     pass     same
proc:proc-self-map-files-002                           pass     pass     pass     same
proc:proc-self-syscall                                 pass     pass     pass     same
proc:proc-self-wchan                                   pass     pass     pass     same
proc:proc-subset-pid                                   pass     pass     pass     same
proc:proc-uptime-002                                   pass     pass     pass     same
proc:read                                              pass     pass     pass     same
proc:self                                              pass     pass     pass     same
proc:setns-dcache                                      pass     pass     pass     same
proc:setns-sysvipc                                     pass     pass     pass     same
proc:thread-self                                       pass     pass     pass     same
pstore:pstore_post_reboot_tests                        skip     skip     skip     same
pstore:pstore_tests                                    fail     fail     fail     same
ptrace:get_syscall_info                                pass     pass     pass     same
ptrace:peeksiginfo                                     pass     pass     pass     same
ptrace:vmaccess                                        fail     fail     fail     same
rlimits:rlimits-per-userns                             pass     pass     pass     same
rseq:basic_percpu_ops_test                             pass     pass     pass     same
rseq:basic_test                                        pass     pass     pass     same
rseq:param_test                                        pass     pass     pass     same
rseq:param_test_benchmark                              pass     pass     pass     same
rseq:param_test_compare_twice                          pass     pass     pass     same
rseq:run_param_test.sh                                 pass     pass     pass     same
seccomp:seccomp_benchmark                              pass     pass     pass     same
seccomp:seccomp_bpf                                    pass     pass     pass     same
sgx:test_sgx                                           fail     fail     fail     same
sigaltstack:sas                                        pass     pass     pass     same
size:get_size                                          pass     pass     pass     same
splice:default_file_splice_read.sh                     pass     pass     pass     same
splice:short_splice_read.sh                            fail     fail     fail     same
static_keys:test_static_keys.sh                        skip     skip     skip     same
syscall_user_dispatch:sud_benchmark                    pass     pass     pass     same
syscall_user_dispatch:sud_test                         pass     pass     pass     same
tc-testing:tdc.sh                                      fail     fail     fail     same
tdx:tdx_guest_test                                     fail     fail     fail     same
timens:clock_nanosleep                                 pass     pass     pass     same
timens:exec                                            pass     pass     pass     same
timens:futex                                           pass     pass     pass     same
timens:procfs                                          pass     pass     pass     same
timens:timens                                          pass     pass     pass     same
timens:timer                                           pass     pass     pass     same
timens:timerfd                                         pass     pass     pass     same
timens:vfork_exec                                      pass     pass     pass     same
timers:inconsistency-check                             pass     pass     pass     same
timers:mqueue-lat                                      pass     pass     pass     same
timers:nanosleep                                       pass     pass     pass     same
timers:nsleep-lat                                      pass     pass     pass     same
timers:posix_timers                                    pass     pass     pass     same
timers:rtcpie                                          pass     pass     pass     same
timers:set-timer-lat                                   pass     pass     pass     same
timers:threadtest                                      pass     pass     pass     same
tmpfs:bug-link-o-tmpfile                               pass     pass     pass     same
tpm2:test_smoke.sh                                     skip     skip     skip     same
tpm2:test_space.sh                                     skip     skip     skip     same
vDSO:vdso_standalone_test_x86                          pass     pass     pass     same
vDSO:vdso_test_abi                                     pass     pass     pass     same
vDSO:vdso_test_clock_getres                            pass     pass     pass     same
vDSO:vdso_test_correctness                             pass     pass     pass     same
vDSO:vdso_test_getcpu                                  pass     pass     pass     same
vDSO:vdso_test_gettimeofday                            pass     pass     pass     same
vm:run_vmtests.sh                                      skip     skip     skip     same
x86:amx_64                                             fail     fail     fail     same
x86:check_initial_reg_state_64                         pass     pass     pass     same
x86:corrupt_xstate_header_64                           pass     pass     pass     same
x86:fsgsbase_64                                        pass     pass     pass     same
x86:fsgsbase_restore_64                                pass     pass     pass     same
x86:ioperm_64                                          pass     pass     pass     same
x86:iopl_64                                            pass     pass     pass     same
x86:mov_ss_trap_64                                     pass     pass     pass     same
x86:sigaltstack_64                                     pass     pass     pass     same
x86:sigreturn_64                                       pass     pass     pass     same
x86:single_step_syscall_64                             pass     pass     pass     same
x86:syscall_arg_fault_64                               pass     pass     pass     same
x86:syscall_nt_64                                      pass     pass     pass     same
x86:syscall_numbering_64                               pass     pass     pass     same
x86:sysret_rip_64                                      pass     pass     pass     same
x86:sysret_ss_attrs_64                                 pass     pass     pass     same
x86:test_mremap_vdso_64                                pass     pass     pass     same
x86:test_vsyscall_64                                   pass     pass     pass     same
zram:zram.sh                                           pass     pass     pass     same

pvts-mat added 2 commits March 6, 2026 20:38
jira VULN-160780
cve-pre CVE-2025-40248
commit-author Zhuang Shengen <zhuangshengen@huawei.com>
commit 6d4486e

When client and server establish a connection through vsock,
the client sends a request to the server to initiate the connection,
then starts a timer to wait for the server's response. When the server's
RESPONSE message arrives, the timer also times out and exits. The
server's RESPONSE message is processed first, and the connection is
established. However, the client's timer also times out, and the original
processing logic of the client is to directly set the state of this vsock
to CLOSE and return ETIMEDOUT. It will not notify the server when the port
is released, causing the server port to remain.
When the client's vsock_connect times out, it should check whether the sk
state is ESTABLISHED or not. If the sk state is ESTABLISHED, it means the
connection is established, and the client should not set the sk state to CLOSE.

Note: I encountered this issue on kernel-4.18, which can be fixed by
this patch. Then I checked the latest code in the community
and found similar issue.

Fixes: d021c34 ("VSOCK: Introduce VM Sockets")
	Signed-off-by: Zhuang Shengen <zhuangshengen@huawei.com>
	Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 6d4486e)
	Signed-off-by: Marcin Wcisło <marcin.wcislo@conclusive.pl>
jira VULN-160780
cve CVE-2025-40248
commit-author Michal Luczaj <mhal@rbox.co>
commit 002541e

During connect(), acting on a signal/timeout by disconnecting an already
established socket leads to several issues:

1. connect() invoking vsock_transport_cancel_pkt() ->
   virtio_transport_purge_skbs() may race with sendmsg() invoking
   virtio_transport_get_credit(). This results in a permanently elevated
   `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.

2. connect() resetting a connected socket's state may race with socket
   being placed in a sockmap. A disconnected socket remaining in a sockmap
   breaks sockmap's assumptions. And gives rise to WARNs.

3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a
   transport change/drop after TCP_ESTABLISHED. Which poses a problem for
   any simultaneous sendmsg() or connect() and may result in a
   use-after-free/null-ptr-deref.

Do not disconnect socket on signal/timeout. Keep the logic for unconnected
sockets: they don't linger, can't be placed in a sockmap, are rejected by
sendmsg().

[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/
[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/
[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/

Fixes: d021c34 ("VSOCK: Introduce VM Sockets")
	Signed-off-by: Michal Luczaj <mhal@rbox.co>
	Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://patch.msgid.link/20251119-vsock-interrupted-connect-v2-1-70734cf1233f@rbox.co
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 002541e)
	Signed-off-by: Marcin Wcisło <marcin.wcislo@conclusive.pl>
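
The race the two commit messages above describe, reduced to the decision connect() makes when its waiter wakes up. This is an added userspace model, not code from the PR or the kernel; the type and function names, the three variants, and the use of EINTR for the signal case are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name below is hypothetical, not a kernel symbol. */
enum sk_state { ST_CONNECTING, ST_ESTABLISHED, ST_CLOSE };
enum variant { ORIGINAL, TIMEOUT_CHECKED, FIXED };
#define KEEP_WAITING 1

struct model_sock {
    enum sk_state state;
    bool connected;                 /* models SS_CONNECTED vs SS_UNCONNECTED */
};

/* Decision made when the connect() waiter wakes up and re-takes the socket lock. */
int connect_wakeup(struct model_sock *sk, enum variant v, bool sig, bool timed_out)
{
    bool est = (sk->state == ST_ESTABLISHED);

    if (v == FIXED && est)          /* established: not connect()'s to reset */
        return 0;
    if (sig || (timed_out && !(v == TIMEOUT_CHECKED && est))) {
        sk->state = ST_CLOSE;       /* socket reset to CLOSE / unconnected */
        sk->connected = false;
        return sig ? -EINTR : -ETIMEDOUT;   /* EINTR is a model assumption */
    }
    return est ? 0 : KEEP_WAITING;
}

/* Constructed scenario: RESPONSE is processed first, then the waiter sees
 * a pending signal and/or an expired timer. */
int race_outcome(enum variant v, bool sig, bool timed_out, struct model_sock *sk)
{
    sk->state = ST_ESTABLISHED;     /* RESPONSE handler ran first */
    sk->connected = true;
    return connect_wakeup(sk, v, sig, timed_out);
}

int main(void)
{
    static const char *names[] = { "original", "timeout-checked", "fixed" };
    for (int v = ORIGINAL; v <= FIXED; v++) {
        struct model_sock a, b;
        int t = race_outcome((enum variant)v, false, true, &a);
        int s = race_outcome((enum variant)v, true, false, &b);
        printf("%-16s timeout: err=%d closed=%d | signal: err=%d closed=%d\n",
               names[v], t, a.state == ST_CLOSE, s, b.state == ST_CLOSE);
    }
    return 0;
}
```

In the model, only the `FIXED` variant leaves an established socket untouched for both the timeout and the signal wakeup, while a socket that never reached ESTABLISHED is still reset so user space can retry.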

github-actions bot commented Mar 9, 2026

🤖 Validation Checks In Progress Workflow run: https://github.com/ctrliq/kernel-src-tree/actions/runs/22847552889

github-actions bot commented Mar 9, 2026

JIRA PR Check Results

2 commit(s) with issues found:

Commit 5069659e815c

Summary: vsock: Ignore signal/timeout on connect() if already established

❌ Errors:

  • VULN-160780: Status is 'To Do', expected 'In Progress'

⚠️ Warnings:

  • VULN-160780: No time logged - please log time manually

Commit 7bfac6709d94

Summary: vsock: avoid to close connected socket after the timeout

❌ Errors:

  • VULN-160780: Status is 'To Do', expected 'In Progress'

⚠️ Warnings:

  • VULN-160780: No time logged - please log time manually

Summary: Checked 2 commit(s) total.

github-actions bot commented Mar 9, 2026

Validation checks completed with issues View full results: https://github.com/ctrliq/kernel-src-tree/actions/runs/22847552889
