256 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. mptcpactiveenable is called from subflowfinishconnect, which is icsk-icskafops-skrxdstset. This call isn’t always under a RCU context. Using skdstgetsk-dev could lead to a U...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint, the netlink PM traverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fixed the issue of re-injecting stale data from stale subflows. When the MPTCP Process Manager detects that a subflow is stale, the packet scheduler must re-inject all the unacknowledged data at the mptcp level. To avoid...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mptcp: Race condition in subflow creation in mptcprcvspaceadjust. Additional active subflows—i.e., those created by the kernel’s internal processes—are included in the subflow list before starting the 3whs process. If recvmsg is...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. These conditio...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fixed a NULL pointer in canacceptnewsubflow. When testing the valkey benchmark tool with MPTCP, the kernel panics in mptcpcanacceptnewsubflow because subflowreq-msk is NULL. The call trace is as follows:...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect After the committed code below, if the MPC subflow is already in the TCPCLOSE status or has fallen back to TCP at the mptcpdisconnect time, mptcpdofastclose skips setting the sendfastclos...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mptcp: handles DSS corruption consistently. The buggy peer implementation can send corrupted DSS options, consistently causing several warnings in the data path. Use DEBUGNET assertions to avoid errors on some builds and to handl...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: The “kern” flag has been removed from fallback sockets. The mptcp ULP extension relies on ensuring that sk-sksockkern is set correctly. It prevents the call to setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6 from working for...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: Prevent BPF from accessing lowat from a subflow socket. Alexei reported the following error: WARNING: CPU: 32, PID: 3276, in net/mptcp/subflow.c:1430, function subflowdataready+0x147/0x1c0. Linked modules: dummy,...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement addaddraccepted for MPJ req Adding the following warning ... WARNONONCEmsk-pm.addaddraccepted == 0 ... before decrementing the addaddraccepted counter helped to find a bug when running the "remove single...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: pm: Fixed the issue where ID 0 endp usage occurs after multiple recreations. localaddrused and addaddraccepted are decremented for addresses that are not related to the initial subflow ID0. This is because the source an...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: For mptcp: pm: only marking ‘subflow’ endp as available. The following warning was added: …WARNONONCEmsk-pm.localaddrused == 0 …Decreasing the localaddrused counter helped to identify a bug when running the “remove single address...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: pm: in-kernel: always marking signal+subflow endp as used Syzkaller managed to find a combination of actions that caused this warning to occur: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpParseOption...
CVE-2026-31669
A flaw was found in the Linux kernel's Multipath TCP (MPTCP) implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...
CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
DEBIAN-CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
EUVD-2026-25562
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...