{"vulnerability": "CVE-2024-50083", "sightings": [{"uuid": "ecc1d480-085b-4cae-aae2-f3120ca0e7b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50083", "type": "seen", "source": "https://t.me/cvedetector/9221", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50083 - VMware ESXi MTCP Edge Subflow Option Handling Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-50083 \nPublished : Oct. 29, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ntcp: fix mptcp DSS corruption due to large pmtu xmit  \n  \nSyzkaller was able to trigger a DSS corruption:  \n  \n  TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.  \n  ------------[ cut here ]------------  \n  WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695  \n  Modules linked in:  \n  CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0  \n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024  \n  RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695  \n  Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff  \n  RSP: 0018:ffffc90000006db8 EFLAGS: 00010246  \n  RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00  \n  RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0  \n  RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8  \n  R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000  \n  R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5  \n  FS:  000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000  \n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n  CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0  \n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  \n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  \n  Call Trace:  \n     \n   move_skbs_to_msk net/mptcp/protocol.c:811 [inline]  \n   mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854  \n   subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490  \n   tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283  \n   tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237  \n   tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915  \n   tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350  \n   ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205  \n   ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233  \n   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314  \n   NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314  \n   __netif_receive_skb_one_core net/core/dev.c:5662 [inline]  \n   __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775  \n   process_backlog+0x662/0x15b0 net/core/dev.c:6107  \n   __napi_poll+0xcb/0x490 net/core/dev.c:6771  \n   napi_poll net/core/dev.c:6840 [inline]  \n   net_rx_action+0x89b/0x1240 net/core/dev.c:6962  \n   handle_softirqs+0x2c5/0x980 kernel/softirq.c:554  \n   do_softirq+0x11b/0x1e0 kernel/softirq.c:455  \n     \n     \n   __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382  \n   local_bh_enable include/linux/bottom_half.h:33 [inline]  \n   rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]  \n   __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451  \n   dev_queue_xmit include/linux/netdevice.h:3094 [inline]  \n   neigh_hh_output include/net/neighbour.h:526 [inline]  \n   neigh_output include/net/neighbour.h:540 [inline]  \n   ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236  \n   ip_local_out net/ipv4/ip_output.c:130 [inline]  \n   __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536  \n   __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466  \n   tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]  \n   tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline]  \n   tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752  \n   __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015  \n   tcp_push_pending_frames include/net/tcp.h:2107 [inline]  \n   tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline]  \n   tc[...]", "creation_timestamp": "2024-10-29T03:02:54.000000Z"}, {"uuid": "6f3c98e1-0a19-4e56-806a-70912ca28609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50083", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}]}