4 matches found
Azure Linux 3.0 Security Update: kernel (CVE-2025-21707)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21707 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTC...
DEBIAN-CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...
AZL-57978 CVE-2025-21707 affecting package kernel for versions less than 5.15.179.1-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...
CVE-2025-21707
CVE-2025-21707 details (Linux kernel MPTCP issue). The vulnerability arises in MPTCP suboption status handling, where zeroing a bitmask is insufficient and certain per-suboption bitfields may fail to be cleared/initialized. Syzkaller reported KMSAN uninitialized value paths in __mptcp_expand_seq ...