5 matches found
CVE-2024-35840
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...
CVE-2024-35840
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...
CVE-2024-35840 mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...
CVE-2024-35840 mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...
CVE-2024-35840
The CVE-2024-35840 issue affects the Linux kernel MPTCP path. In subflow_finish_connect(), four fields (backup, join_id, thmac, none) may contain garbage unless OPTION_MPTCP_MPJ_SYNACK is set in mptcp_parse_option(), which is the root cause. The fix enables OPTION_MPTCP_MPJ_SYNACK in mptcp_parse_...