Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-26708

HistoryApr 03, 2024 - 3:15 p.m.

CVE-2024-26708

2024-04-0315:15:53

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

mptcp

fastopen

subflow shutdown

syzkaller

tcp_fin_wait1

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

mptcp: really cope with fastopen race

Fastopen and PM-trigger subflow shutdown can race, as reported by
syzkaller.

In my first attempt to close such race, I missed the fact that
the subflow status can change again before the subflow_state_change
callback is invoked.

Address the issue additionally copying with all the states directly
reachable from TCP_FIN_WAIT1.

References

git.kernel.org/stable/c/337cebbd850f94147cee05252778f8f78b8c337f

git.kernel.org/stable/c/4bfe217e075d04e63c092df9d40c608e598c2ef2

git.kernel.org/stable/c/e158fb9679d15a2317ec13b4f6301bd26265df2f