CVE-2024-35840
mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
subflow_finish_connect() uses four fields (backup, join_id, thmac, none)
that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set
in mptcp_parse_option()
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: use OPTION_MPTCP_MPJ_SYNACK en subflow_finish_connect() subflow_finish_connect() usa cuatro campos (backup, join_id, thmac, none) que pueden contener basura a menos que se haya configurado OPTION_MPTCP_MPJ_SYNACK en mptcp_parse_option()
CVE-2024-35840 is a vulnerability in the Linux kernel’s Multipath TCP (MPTCP) implementation. It occurs because the subflow_finish_connect() function may handle uninitialized data in certain fields if a specific MPTCP option (OPTION_MPTCP_MPJ_SYNACK) is not correctly set during option parsing. This could lead to unpredictable behavior in MPTCP connections. The issue has been resolved by ensuring proper initialization and handling of these fields.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-17 CVE Reserved
- 2024-05-17 CVE Published
- 2024-05-18 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/f296234c98a8fcec94eec80304a873f635d350ea | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-35840 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2281282 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.7 < 5.15.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.15.148" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.7 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.1.75" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.7 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.6.14" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.7 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.7.2" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.7 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.8" | en |
Affected
|