52 matches found
UBUNTU-CVE-2022-50070
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...
CVE-2022-50070
CVE-2022-50070 affects the Linux kernel and relates to the mptcp datapath: a transmit could race with mptcp_close(), causing a closed subflow (ssk) to be re-transmitted. The root cause is a subflow-state check performed before acquiring the socket lock, enabling re-transmission on an already clos...
CVE-2022-50070 mptcp: do not queue data on closed subflows
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...
CVE-2022-50070
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...
CVE-2022-50070 mptcp: do not queue data on closed subflows
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...
DEBIAN-CVE-2023-53072
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in tokenbucketbusy+0x253/0x260 Read o...
UBUNTU-CVE-2023-53072
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in tokenbucketbusy+0x253/0x260 Read o...
SUSE CVE-2022-49669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets. The mptcp socket's worker ca...
DEBIAN-CVE-2022-49669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets. The mptcp socket's worker ca...
UBUNTU-CVE-2022-49669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets. The mptcp socket's worker ca...
CVE-2024-53122
CVE-2024-53122 affects the Linux kernel in mptcp: racing subflow creation in mptcp_rcv_space_adjust can trigger a race when handling spooled data on a subflow, potentially causing a divide-by-zero during tcp_cleanup_rbuf() on newly created subflows. The fix adds a state check to ensure the subflo...
kernel: mptcp: fix data re-injection from stale subflow
A flaw was found in the Linux kernel. A logical error in the Multipath TCP packet manager causes some packets intended for retransmission to be lost, resulting in a potential denial of service...
kernel: mptcp: fix data re-injection from stale subflow
A flaw was found in the Linux kernel. A logical error in the Multipath TCP packet manager causes some packets intended for retransmission to be lost, resulting in a potential denial of service...
kernel: mptcp: fix data re-injection from stale subflow
A flaw was found in the Linux kernel. A logical error in the Multipath TCP packet manager causes some packets intended for retransmission to be lost, resulting in a potential denial of service...
SUSE CVE-2024-45009
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement addaddraccepted for MPJ req Adding the following warning ... WARNONONCEmsk-pm.addaddraccepted == 0 ... before decrementing the addaddraccepted counter helped to find a bug when running the "remove single...
AZL-49224 CVE-2024-45009 affecting package kernel for versions less than 6.6.51.1-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement addaddraccepted for MPJ req Adding the following warning ... WARNONONCEmsk-pm.addaddraccepted == 0 ... before decrementing the addaddraccepted counter helped to find a bug when running the "remove single...
UBUNTU-CVE-2024-45010
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...
SUSE CVE-2021-47594
In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...
DEBIAN-CVE-2021-47594
In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...
UBUNTU-CVE-2021-47594
In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...