CVE-2023-54085

Summary

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix NULL pointer dereference on fastopen early fallback

In case of early fallback to TCP, subflow_syn_recv_sock() deletes the subflow context before returning the newly allocated sock to the caller.

The fastopen path does not cope with the above unconditionally dereferencing the subflow context.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux36b122baf6a8bd46b4a591f12f4ed17b22257408 < 95135835519b0ab931c39908b2c99e9fb3c9068baffected
LinuxLinux36b122baf6a8bd46b4a591f12f4ed17b22257408 < c0ff6f6da66a7791a32c0234388b1bdc00244917affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.2.12 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References