In the Linux kernel, the following vulnerability has been resolved: mptcp:
fix data stream corruption Maxim reported several issues when forcing a TCP
transparent proxy to use the MPTCP protocol for the inbound connections. He
also provided a clean reproducer. The problem boils down to
‘mptcp_frag_can_collapse_to()’ assuming that only MPTCP will use the given
page_frag. If others - e.g. the plain TCP protocol - allocate page
fragments, we can end-up re-using already allocated memory for
mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data
fragment is located at the current page frag end. v1 -> v2: - added missing
fixes tag (Mat)
git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8
git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154
git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34
launchpad.net/bugs/cve/CVE-2021-47152
nvd.nist.gov/vuln/detail/CVE-2021-47152
security-tracker.debian.org/tracker/CVE-2021-47152
www.cve.org/CVERecord?id=CVE-2021-47152