MPTCP Vulnerability in Linux Kernel Affects Network Performance
CVE-2025-21707
Summary
A vulnerability has been identified in the MPTCP implementation in the Linux kernel: the status of received suboptions is not handled robustly enough. The current mechanism relies on a bitmask to track the state of these suboptions, but does not consistently clear certain associated bitfields during parsing. This lapse can lead to undefined behavior, potentially exposing systems to various network attacks. The flaw has been demonstrated by tools like syzbot, which triggered scenarios where crucial bitfields remained uninitialized, thereby creating pathways for exploitation.
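The pattern described in the summary, as an added example that is not the kernel's code and not part of the original advisory: a simplified C model in which a parser resets only the suboption bitmask, beside one that clears all status before parsing. The struct, flag and function names are hypothetical, the one-letter packet encoding is constructed, and the 0xFF fill stands in for uninitialized memory so the outcome is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not the kernel's structures. */
#define SUBOPT_DSS     0x1u
#define SUBOPT_MP_PRIO 0x2u

struct rx_opts {
    unsigned short suboptions;  /* bitmask of suboptions seen in this packet */
    unsigned int use_ack : 1;   /* set while parsing a DSS suboption */
    unsigned int backup  : 1;   /* set while parsing an MP_PRIO suboption */
};

/* Constructed encoding: 'D' = DSS carrying an ack, 'P' = MP_PRIO with backup. */
static void parse_body(struct rx_opts *o, const char *pkt)
{
    for (; *pkt; pkt++) {
        if (*pkt == 'D') { o->suboptions |= SUBOPT_DSS; o->use_ack = 1; }
        if (*pkt == 'P') { o->suboptions |= SUBOPT_MP_PRIO; o->backup = 1; }
    }
}

/* Weak form: only the bitmask is reset, the bitfields keep prior memory. */
static void parse_weak(struct rx_opts *o, const char *pkt)
{
    o->suboptions = 0;
    parse_body(o, pkt);
}

/* Hardened form: every status field is cleared before any suboption is read. */
static void parse_hardened(struct rx_opts *o, const char *pkt)
{
    memset(o, 0, sizeof(*o));
    parse_body(o, pkt);
}

/* Value of 'backup' a consumer sees after parsing into poisoned memory. */
static int backup_after(void (*parse)(struct rx_opts *, const char *), const char *pkt)
{
    struct rx_opts o;
    memset(&o, 0xFF, sizeof(o));  /* stands in for uninitialized stack */
    parse(&o, pkt);
    return o.backup;
}

int main(void)
{
    printf("weak=%d hardened=%d\n", backup_after(parse_weak, "D"),
           backup_after(parse_hardened, "D"));
    return 0;
}
```

With a packet that carries only the DSS suboption, the weak parser reports `backup` as set even though no MP_PRIO suboption was received, while the hardened parser reports it as clear.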
Affected Version(s)
Linux 84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc < 3b5332d416d151a15742d1b16e7319368e3cc5c6
Linux 84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc < 7f6c72b8ef8130760710e337dc8fbe7263954884
Linux 84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc < 6169e942370b4b6f9442d35c51519bf6c346843b