vsock UAF (CVE-2025-21756)¶
Aynı bug/CVE (CVE-2025-21756,
af_vsocktransport reassignment refcount UAF): bkz. canonical not.
Mechanism¶
Bu not, vsock transport reassignment refcount UAF ile aynı bug'ı tarif eder — transport reassignment, unbound bir socket'i bind table'dan iki kez çıkarıp struct vsock_sock'u erken free eder. Tam mekanizma canonical not'ta.
Walkthrough¶
Tam walkthrough canonical not'ta: vsock transport reassignment refcount UAF.