CVE-2024-50185

Summary

In the Linux kernel, the following vulnerability has been resolved:

mptcp: handle consistently DSS corruption

Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle consistently the error, dumping related MIBs and performing fallback and/or reset according to the subflow type.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6771bfd9ee2460c13e38c0cd46a3afb5404ae716 < fde99e972b8f88cebe619241d7aa43d288ef666aaffected
LinuxLinux6771bfd9ee2460c13e38c0cd46a3afb5404ae716 < 12c1676d598e3b8dd92a033b623b792cc2ea1ec5affected
LinuxLinux6771bfd9ee2460c13e38c0cd46a3afb5404ae716 < 35668f8ec84f6c944676e48ecc6bbc5fc8e6fe25affected
LinuxLinux6771bfd9ee2460c13e38c0cd46a3afb5404ae716 < b8be15d1ae7ea4eedd547c3b3141f592fbddcd30affected
LinuxLinux6771bfd9ee2460c13e38c0cd46a3afb5404ae716 < 8bfd391bde685df7289b928ce8876a3583be4bfbaffected
LinuxLinux6771bfd9ee2460c13e38c0cd46a3afb5404ae716 < e32d262c89e2b22cb0640223f953b548617ed8a6affected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.228 <= 5.10.*unaffected
LinuxLinux5.15.169 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.57 <= 6.6.*unaffected
LinuxLinux6.11.4 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References