Skip to content

vsock UAF (CVE-2025-21756)

Aynı bug/CVE (CVE-2025-21756, af_vsock transport reassignment refcount UAF): bkz. canonical not.

Mechanism

Bu not, vsock transport reassignment refcount UAF ile aynı bug'ı tarif eder — transport reassignment, unbound bir socket'i bind table'dan iki kez çıkarıp struct vsock_sock'u erken free eder. Tam mekanizma canonical not'ta.

Walkthrough

Tam walkthrough canonical not'ta: vsock transport reassignment refcount UAF.

References