Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-47152HistoryMar 25, 2024 - 9:15 a.m.
CVE-2021-47152
2024-03-2509:15:09
Debian Security Bug Tracker
security-tracker.debian.org
5
vulnerability
linux kernel
mptcp
data stream
maxim
tcp protocol
memory allocation
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to ‘mptcp_frag_can_collapse_to()’ assuming that only MPTCP will use the given page_frag. If others - e.g. the plain TCP protocol - allocate page fragments, we can end-up re-using already allocated memory for mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data fragment is located at the current page frag end. v1 -> v2: - added missing fixes tag (Mat)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 5.14.6-1 | linux_5.14.6-1_all.deb |
| Debian | 11 | all | linux | < 5.10.46-1 | linux_5.10.46-1_all.deb |
| Debian | 999 | all | linux | < 5.14.6-1 | linux_5.14.6-1_all.deb |
| Debian | 13 | all | linux | < 5.14.6-1 | linux_5.14.6-1_all.deb |
Related
cvelist
cvelist
CVE-2021-47152 mptcp: fix data stream corruption
2024-03-25 09:07:47
nvd
nvd
CVE-2021-47152
2024-03-25 09:15:09
ubuntucve
ubuntucve
CVE-2021-47152
2024-03-25 00:00:00
cve
cve
CVE-2021-47152
2024-03-25 09:15:09
redhatcve
redhatcve
CVE-2021-47152
2024-03-25 17:53:16