cve-2024-53122
Vulnerability from cvelistv5
Published
2024-12-02 13:44
Modified
2024-12-02 13:44
Severity ?
Summary
mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0Patch
Impacted products
Vendor Product Version
Linux Linux Version: 5.10
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "24995851d58c",
              "status": "affected",
              "version": "c76c6956566f",
              "versionType": "git"
            },
            {
              "lessThan": "ff825ab2f455",
              "status": "affected",
              "version": "c76c6956566f",
              "versionType": "git"
            },
            {
              "lessThan": "aad6412c63ba",
              "status": "affected",
              "version": "c76c6956566f",
              "versionType": "git"
            },
            {
              "lessThan": "ce7356ae3594",
              "status": "affected",
              "version": "c76c6956566f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-02T13:44:52.678Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d"
        }
      ],
      "title": "mptcp: cope racing subflow creation in mptcp_rcv_space_adjust",
      "x_generator": {
        "engine": "bippy-8e903de6a542"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53122",
    "datePublished": "2024-12-02T13:44:52.678Z",
    "dateReserved": "2024-11-19T17:17:24.994Z",
    "dateUpdated": "2024-12-02T13:44:52.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53122\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-02T14:15:13.010\",\"lastModified\":\"2024-12-11T21:14:05.653\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\\n\\nAdditional active subflows - i.e. created by the in kernel path\\nmanager - are included into the subflow list before starting the\\n3whs.\\n\\nA racing recvmsg() spooling data received on an already established\\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\\ncurrent subflows, potentially hitting a divide by zero error on\\nthe newly created ones.\\n\\nExplicitly check that the subflow is in a suitable state before\\ninvoking tcp_cleanup_rbuf().\"},{\"lang\":\"es\",\"value\":\" En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: creaci\u00f3n de subflujo de ejecuci\u00f3n en mptcp_rcv_space_adjust Los subflujos activos adicionales (es decir, creados por el administrador de rutas en el kernel) se incluyen en la lista de subflujos antes de iniciar 3whs. Un recvmsg() de ejecuci\u00f3n que pone en cola los datos recibidos en un subflujo ya establecido llamar\u00eda incondicionalmente a tcp_cleanup_rbuf() en todos los subflujos actuales, lo que podr\u00eda provocar un error de divisi\u00f3n por cero en los reci\u00e9n creados. Verifique expl\u00edcitamente que el subflujo est\u00e9 en un estado adecuado antes de invocar tcp_cleanup_rbuf().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"6.1.119\",\"matchCriteriaId\":\"6A2C9B37-E912-41BB-9EF9-3BC3C5E13B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.63\",\"matchCriteriaId\":\"8800BB45-48BC-4B52-BDA5-B1E4633F42E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.10\",\"matchCriteriaId\":\"C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B88717-53F5-42AA-9B72-14C707639E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EF8CD82-1EAE-4254-9545-F85AB94CF90F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.