Linux Kernel Vulnerability in MPTCP Path Manager Affecting Multiple Versions
CVE-2025-21706
Summary
A vulnerability in the Linux kernel's MultiPath TCP (MPTCP) implementation allows the 'fullmesh' flag to be set on endpoints that were not intended to carry it. This can lead to unexpected overrides in the endpoint linking process, which may affect the stability and functionality of ongoing connections. The flaw stems from permissive behavior in the set_flags() function, which can expose 'implicit' endpoints to the 'fullmesh' setting and allow suboptimal routing of data. Proper validation should be implemented to strengthen endpoint management and prevent erroneous configuration.
Affected Version(s)
Linux 73c762c1f07dacba4fd1cefd15e24b419d42320d < 22b0734c9401a74ed4ebd9e8ef0da33e493852eb
Linux 73c762c1f07dacba4fd1cefd15e24b419d42320d
Linux 73c762c1f07dacba4fd1cefd15e24b419d42320d < 8ac344cbd84fda75e05e1f445f7f8fb24dc175e1