Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2021-47152

HistoryMar 25, 2024 - 9:15 a.m.

CVE-2021-47152

2024-03-2509:15:09

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

data stream corruption

mptcp protocol

maxim

tcp transparent proxy

inbound connections

vulnerability

memory allocation

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix data stream corruption

Maxim reported several issues when forcing a TCP transparent proxy
to use the MPTCP protocol for the inbound connections. He also
provided a clean reproducer.

The problem boils down to ‘mptcp_frag_can_collapse_to()’ assuming
that only MPTCP will use the given page_frag.

If others - e.g. the plain TCP protocol - allocate page fragments,
we can end-up re-using already allocated memory for mptcp_data_frag.

Fix the issue ensuring that the to-be-expanded data fragment is
located at the current page frag end.

v1 -> v2:

added missing fixes tag (Mat)

References

git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8

git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154

git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34