mptcp: pm: Fix uaf in __timer_delete_sync

...

CVE-2024-50185 mptcp: handle consistently DSS corruption

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUGNET assertions, to avoid the splat on some builds and handle...

The vulnerability of the mptcp component in Linux kernel, which allows a hacker to cause a service failure

The vulnerability of the mptcp component in the Linux operating system’s kernel is related to incorrect blocking in the subflowgetinfo function. Exploiting this vulnerability can allow an attacker to cause a service failure...

AZL-49182 CVE-2024-45010 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...

PT-2024-11182 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to MPTCP sk forward memory handling, which is protected by the msk socket spin lock. A code path updating this field without handling the relevant lock can cause...

CVE-2021-23045

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to...

F5 BIG-IP输入验证错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 TMUI SCTP denial of service vulnerability could cause TMM to terminate when an SCTP profile with multiple paths is...

CVE-2019-6594

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP MPTCP does not protect against multiple zero length DATAFINs in the reassembly queue, which can lead to an infinite loop in some circumstances...

PT-2017-12883

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.2 Description The issue is related to a buffer over-read in the MPTCP parser, specifically in the print-mptcp.c file, affecting several functions. Recommendations For versions prior to 4.9.2, update to version 4.9...

Complex Code Reuse Attacks: ROPMEMU

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks Talos has developed ROPMEMU, a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form...