CVE-2024-53122

In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b
https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527	Patch
https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8	Patch
https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d	Patch
https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc7::::::

History

14 Dec 2024, 21:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b -

11 Dec 2024, 21:14

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CWE		CWE-362
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
References	~~() https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527 -~~	() https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527 - Patch
References	~~() https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8 -~~	() https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8 - Patch
References	~~() https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d -~~	() https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d - Patch
References	~~() https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0 -~~	() https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: creación de subflujo de ejecución en mptcp_rcv_space_adjust Los subflujos activos adicionales (es decir, creados por el administrador de rutas en el kernel) se incluyen en la lista de subflujos antes de iniciar 3whs. Un recvmsg() de ejecución que pone en cola los datos recibidos en un subflujo ya establecido llamaría incondicionalmente a tcp_cleanup_rbuf() en todos los subflujos actuales, lo que podría provocar un error de división por cero en los recién creados. Verifique explícitamente que el subflujo esté en un estado adecuado antes de invocar tcp_cleanup_rbuf().
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

02 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-02 14:15

Updated : 2024-12-14 21:15

NVD link : CVE-2024-53122

Mitre link : CVE-2024-53122

CVE.ORG link : CVE-2024-53122

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

5.5 /10