CVE-2024-35840 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option()

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/413b913507326972135d2977975dbff8b7f2c453
https://git.kernel.org/stable/c/51e4cb032d49ce094605f27e45eabebc0408893c
https://git.kernel.org/stable/c/76e8de7273a22a00d27e9b8b7d4d043d6433416a
https://git.kernel.org/stable/c/ad3e8f5c3d5c53841046ef7a947c04ad45a20721
https://git.kernel.org/stable/c/be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb
https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-35840-99fa@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35840
https://www.cve.org/CVERecord?id=CVE-2024-35840

History

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:27:31.166Z

Updated: 2024-11-05T09:23:25.287Z

Reserved: 2024-05-17T13:50:33.104Z

Link: CVE-2024-35840

Vulnrichment

Updated: 2024-08-02T03:21:48.782Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T15:15:21.090

Modified: 2024-05-17T18:35:35.070

Link: CVE-2024-35840

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35840 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35840", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.104Z", "datePublished": "2024-05-17T14:27:31.166Z", "dateUpdated": "2024-11-05T09:23:25.287Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:23:25.287Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\n\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/subflow.c"], "versions": [{"version": "f296234c98a8", "lessThan": "413b91350732", "status": "affected", "versionType": "git"}, {"version": "f296234c98a8", "lessThan": "51e4cb032d49", "status": "affected", "versionType": "git"}, {"version": "f296234c98a8", "lessThan": "ad3e8f5c3d5c", "status": "affected", "versionType": "git"}, {"version": "f296234c98a8", "lessThan": "76e8de7273a2", "status": "affected", "versionType": "git"}, {"version": "f296234c98a8", "lessThan": "be1d9d9d38da", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/subflow.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/413b913507326972135d2977975dbff8b7f2c453"}, {"url": "https://git.kernel.org/stable/c/51e4cb032d49ce094605f27e45eabebc0408893c"}, {"url": "https://git.kernel.org/stable/c/ad3e8f5c3d5c53841046ef7a947c04ad45a20721"}, {"url": "https://git.kernel.org/stable/c/76e8de7273a22a00d27e9b8b7d4d043d6433416a"}, {"url": "https://git.kernel.org/stable/c/be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb"}], "title": "mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35840", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:03.221877Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:51.661Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.782Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/413b913507326972135d2977975dbff8b7f2c453", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/51e4cb032d49ce094605f27e45eabebc0408893c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad3e8f5c3d5c53841046ef7a947c04ad45a20721", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76e8de7273a22a00d27e9b8b7d4d043d6433416a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/413b913507326972135d2977975dbff8b7f2c453", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/51e4cb032d49ce094605f27e45eabebc0408893c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad3e8f5c3d5c53841046ef7a947c04ad45a20721", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/76e8de7273a22a00d27e9b8b7d4d043d6433416a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.782Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35840", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:03.221877Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.612Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f296234c98a8", "lessThan": "413b91350732", "versionType": "git"}, {"status": "affected", "version": "f296234c98a8", "lessThan": "51e4cb032d49", "versionType": "git"}, {"status": "affected", "version": "f296234c98a8", "lessThan": "ad3e8f5c3d5c", "versionType": "git"}, {"status": "affected", "version": "f296234c98a8", "lessThan": "76e8de7273a2", "versionType": "git"}, {"status": "affected", "version": "f296234c98a8", "lessThan": "be1d9d9d38da", "versionType": "git"}], "programFiles": ["net/mptcp/subflow.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.7"}, {"status": "unaffected", "version": "0", "lessThan": "5.7", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.148", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.75", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.14", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mptcp/subflow.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/413b913507326972135d2977975dbff8b7f2c453"}, {"url": "https://git.kernel.org/stable/c/51e4cb032d49ce094605f27e45eabebc0408893c"}, {"url": "https://git.kernel.org/stable/c/ad3e8f5c3d5c53841046ef7a947c04ad45a20721"}, {"url": "https://git.kernel.org/stable/c/76e8de7273a22a00d27e9b8b7d4d043d6433416a"}, {"url": "https://git.kernel.org/stable/c/be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\n\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:29:54.769Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35840", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:21:48.782Z", "dateReserved": "2024-05-17T13:50:33.104Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:27:31.166Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()", "id": "2281282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281282"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()\nsubflow_finish_connect() uses four fields (backup, join_id, thmac, none)\nthat may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set\nin mptcp_parse_option()"], "name": "CVE-2024-35840", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35840\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35840\nhttps://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-35840-99fa@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.148, kernel 6.1.75, kernel 6.6.14, kernel 6.7.2, kernel 6.8"}