CVE-2021-47152

mptcp: fix data stream corruption

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix data stream corruption

Maxim reported several issues when forcing a TCP transparent proxy
to use the MPTCP protocol for the inbound connections. He also
provided a clean reproducer.

The problem boils down to 'mptcp_frag_can_collapse_to()' assuming
that only MPTCP will use the given page_frag.

If others - e.g. the plain TCP protocol - allocate page fragments,
we can end-up re-using already allocated memory for mptcp_data_frag.

Fix the issue ensuring that the to-be-expanded data fragment is
located at the current page frag end.

v1 -> v2:
- added missing fixes tag (Mat)

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mptcp: corrige la corrupción del flujo de datos Maxim informó varios problemas al forzar a un proxy transparente TCP a utilizar el protocolo MPTCP para las conexiones entrantes. También proporcionó un reproductor limpio. El problema se reduce a 'mptcp_frag_can_collapse_to()' suponiendo que sólo MPTCP utilizará el page_frag dado. Si otros (por ejemplo, el protocolo TCP simple) asignan fragmentos de página, podemos terminar reutilizando la memoria ya asignada para mptcp_data_frag. Solucione el problema asegurándose de que el fragmento de datos que se va a expandir esté ubicado al final del fragmento de la página actual. v1 -> v2: - se agregó la etiqueta de correcciones faltantes (Mat)

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-04 CVE Reserved
2024-03-25 CVE Published
2024-03-26 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/18b683bff89d46ace55f12d00c0440d44d6160c4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34	2021-06-03
https://git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8	2021-06-03
https://git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154	2021-05-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.10.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.13"		en		Affected