MPTCP Vulnerability in Linux Kernel Affects Network Performance
CVE-2025-21707
What is CVE-2025-21707?
A vulnerability has been identified in the MPTCP implementation within the Linux kernel: the handling of the status of received suboptions is not robust enough. The current mechanism relies on a bitmask to track the state of these suboptions, but fails to consistently clear certain associated bitfields during parsing. This lapse can lead to undefined behavior, potentially exposing systems to various network attacks. The flaw has been demonstrated by tools like syzbot, which triggered scenarios where crucial bitfields remained uninitialized, thereby creating pathways for exploitation.
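The pattern described above, as an added example that is not the kernel's code: a simplified model in which a parser resets only the suboptions bitmask, shown next to a version that clears every status field first. The struct, field, function and option-kind names are all hypothetical, and the 0xff fill stands in for uninitialized stack memory so the result is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not the kernel's. */
#define OPT_DSS (1u << 0)               /* one bit in the suboptions bitmask */

struct rx_opts {
    uint16_t suboptions;                /* bitmask: which suboptions were seen */
    unsigned int use_ack : 1,           /* bitfields written only by the DSS branch */
                 data_fin : 1;
};

/* Weak pattern: only the bitmask is reset; the bitfields keep old contents. */
static void parse_weak(struct rx_opts *o, const uint8_t *opt, size_t len)
{
    o->suboptions = 0;
    if (len >= 2 && opt[0] == 1) {      /* constructed encoding: kind 1 = DSS */
        o->suboptions |= OPT_DSS;
        o->use_ack  = opt[1] & 1;
        o->data_fin = (opt[1] >> 1) & 1;
    }
}

/* Hardened pattern: clear all status fields together before parsing. */
static void parse_hardened(struct rx_opts *o, const uint8_t *opt, size_t len)
{
    memset(o, 0, sizeof(*o));
    parse_weak(o, opt, len);
}

/* Parses a packet that carries no DSS option, then reads data_fin the way a
 * consumer would if it did not check the bitmask first (an assumption). */
static int stale_fin_after(void (*parse)(struct rx_opts *, const uint8_t *, size_t))
{
    struct rx_opts o;
    const uint8_t no_dss[] = { 9, 0 };  /* constructed: unrelated option kind */

    memset(&o, 0xff, sizeof(o));        /* stand-in for uninitialized stack */
    parse(&o, no_dss, sizeof(no_dss));
    return o.data_fin;
}

int main(void)
{
    printf("weak: %d, hardened: %d\n",
           stale_fin_after(parse_weak), stale_fin_after(parse_hardened));
    return 0;
}
```

With the weak parser the consumer reads whatever was left in memory; with the hardened parser the field is always zero unless the option was actually present.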

Affected Version(s)
Linux 84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc < 3a7fda57b0f91f7ea34476b165f91a92feb17c96
Linux 84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc < 3b5332d416d151a15742d1b16e7319368e3cc5c6
Linux 84dfe3677a6f45b3d0dfdd564e55717a1a5e60cc < 7f6c72b8ef8130760710e337dc8fbe7263954884