CVE-2024-45010

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 12.5%
Published: Sep 11, 2024
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: only mark 'subflow' endp as available

Adding the following warning ...

  WARN_ON_ONCE(msk->pm.local_addr_used == 0)

... before decrementing the local_addr_used counter helped to find a bug when running the "remove single address" subtest from the mptcp_join.sh selftests.

Removing a 'signal' endpoint will trigger the removal of all subflows linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used counter, which is wrong in this case because this counter is linked to 'subflow' endpoints, and here it is a 'signal' endpoint that is being removed.

Now, the counter is decremented, only if the ID is being used outside of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and if the ID is not 0 -- local_addr_used is not taking into account these ones. This marking of the ID as being available, and the decrement is done no matter if a subflow using this ID is currently available, because the subflow could have been closed before.
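The accounting error described above, as an added user-space model (not kernel code and not taken from the patch). Every name except local_addr_used is hypothetical, and the 8-bit counter width and the bitmap of in-use IDs are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only; every name except local_addr_used is hypothetical. */
enum endp_type { ENDP_SIGNAL, ENDP_SUBFLOW };

struct pm_model {
    uint8_t  local_addr_used; /* in-use 'subflow' endpoints (8-bit width is an assumption) */
    uint32_t id_in_use;       /* bit n set: local address ID n is marked as used */
    unsigned warn_hits;       /* times the local_addr_used == 0 warning would fire */
};

/* Called when an endpoint is removed and its subflows are torn down. */
static void remove_endpoint(struct pm_model *pm, enum endp_type type,
                            uint8_t id, bool fixed)
{
    if (fixed) {
        /* Rule from the description: 'subflow' endpoint, ID in use, ID not 0. */
        if (type != ENDP_SUBFLOW || id == 0 || !(pm->id_in_use & (1u << id)))
            return;
        pm->id_in_use &= ~(1u << id);
    }
    if (pm->local_addr_used == 0)
        pm->warn_hits++;      /* the invariant the added warning checks */
    pm->local_addr_used--;    /* unsigned: wraps to 255 when already 0 */
}

/* Constructed scenario: only a 'signal' endpoint (ID 1) exists, then it is removed. */
static struct pm_model remove_signal_only(bool fixed)
{
    struct pm_model pm = { .local_addr_used = 0, .id_in_use = 0, .warn_hits = 0 };
    remove_endpoint(&pm, ENDP_SIGNAL, 1, fixed);
    return pm;
}

/* Constructed scenario: one 'subflow' endpoint (ID 2) is in use, then removed. */
static struct pm_model remove_subflow(bool fixed)
{
    struct pm_model pm = { .local_addr_used = 1, .id_in_use = 1u << 2, .warn_hits = 0 };
    remove_endpoint(&pm, ENDP_SUBFLOW, 2, fixed);
    return pm;
}

int main(void)
{
    printf("signal removed, before: %u\n", remove_signal_only(false).local_addr_used);
    printf("signal removed, after:  %u\n", remove_signal_only(true).local_addr_used);
    printf("subflow removed, after: %u\n", remove_subflow(true).local_addr_used);
    return 0;
}
```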

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
12.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.13 – <6.1.108
linux    linux_kernel   *         ≥6.2 – <6.6.48
linux    linux_kernel   *         ≥6.7 – <6.10.7
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3
    Patch