CVE-2024-35840 mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()

2024-05-1714:27:31

Linux

github.com

mptcp

subflow_finish_connect

vulnerability

linux kernel

cve-2024-35840

mptcp_parse_option

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()

subflow_finish_connect() uses four fields (backup, join_id, thmac, none)
that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set
in mptcp_parse_option()

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "f296234c98a8",
        "lessThan": "413b91350732",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "f296234c98a8",
        "lessThan": "51e4cb032d49",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "f296234c98a8",
        "lessThan": "ad3e8f5c3d5c",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "f296234c98a8",
        "lessThan": "76e8de7273a2",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "f296234c98a8",
        "lessThan": "be1d9d9d38da",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "net/mptcp/subflow.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5.7"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.7",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.15.148",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "6.1.75",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.*"
      },
      {
        "status": "unaffected",
        "version": "6.6.14",
        "versionType": "custom",
        "lessThanOrEqual": "6.6.*"
      },
      {
        "status": "unaffected",
        "version": "6.7.2",
        "versionType": "custom",
        "lessThanOrEqual": "6.7.*"
      },
      {
        "status": "unaffected",
        "version": "6.8",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "net/mptcp/subflow.c"
    ],
    "defaultStatus": "affected"
  }
]