4.7

CVE-2024-46711

mptcp: pm: fix ID 0 endp usage after multiple re-creations

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: fix ID 0 endp usage after multiple re-creations

'local_addr_used' and 'add_addr_accepted' are decremented for addresses
not related to the initial subflow (ID0), because the source and
destination addresses of the initial subflows are known from the
beginning: they don't count as "additional local address being used" or
"ADD_ADDR being accepted".

It is then required not to increment them when the entrypoint used by
the initial subflow is removed and re-added during a connection. Without
this modification, this entrypoint cannot be removed and re-added more
than once.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.0 < 6.1.109
LinuxLinux Kernel Version >= 6.2 < 6.6.49
LinuxLinux Kernel Version >= 6.7 < 6.10.8
LinuxLinux Kernel Version6.11 Updaterc1
LinuxLinux Kernel Version6.11 Updaterc2
LinuxLinux Kernel Version6.11 Updaterc3
LinuxLinux Kernel Version6.11 Updaterc4
LinuxLinux Kernel Version6.11 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.118
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc
Patch
https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb
Patch
https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044
Patch
https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html