CVE-2024-45009

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: only decrement add_addr_accepted for MPJ req

Adding the following warning ...

  WARN_ON_ONCE(msk->pm.add_addr_accepted == 0)

... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single subflow" subtest from the mptcp_join.sh selftest.

Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the subflow closure. Before this patch, and upon the reception of the RM_ADDR, the other peer will then try to decrement this add_addr_accepted. That's not correct because the attached subflows have not been created upon the reception of an ADD_ADDR.

A way to solve that is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host receiving the RM_ADDR.

Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*

History

13 Sep 2024, 16:36

Type | Values Removed | Values Added
CPE | | cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
 | | cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 5.5
CWE | | NVD-CWE-noinfo
First Time | | Linux linux Kernel
 | | Linux
References | https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd | https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd - Patch
References | https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c | https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c - Patch
References | https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d | https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d - Patch
References | https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7 | https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7 - Patch
References | https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608 | https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608 - Patch

12 Sep 2024, 12:15

Type Values Removed Values Added
Summary
  • (es) In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req. Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single subflow" subtest from the mptcp_join.sh selftest. Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the subflow closure. Before this patch, and upon the reception of the RM_ADDR, the other peer will try to decrement this add_addr_accepted. That is not correct because the attached subflows have not been created upon the reception of an ADD_ADDR. A way to solve this is to decrement the counter only if the attached subflow was an MP_JOIN to a remote id that was not 0, and initiated by the host that received the RM_ADDR.
References
  • https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d

11 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-11 16:15

Updated : 2024-09-13 16:36


NVD link : CVE-2024-45009

Mitre link : CVE-2024-45009

CVE.ORG link : CVE-2024-45009


Products Affected

linux

  • linux_kernel