{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46711", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.252Z", "datePublished": "2024-09-13T06:33:42.956Z", "dateUpdated": "2024-12-19T09:21:29.306Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:21:29.306Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n'local_addr_used' and 'add_addr_accepted' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don't count as \"additional local address being used\" or\n\"ADD_ADDR being accepted\".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/pm_netlink.c"], "versions": [{"version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "c9c744666f7308a4daba520191e29d395260bcfe", "status": "affected", "versionType": "git"}, {"version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "53e2173172d26c0617b29dd83618b71664bed1fb", "status": "affected", "versionType": "git"}, {"version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "119806ae4e46cf239db8e6ad92bc2fd3daae86dc", "status": "affected", "versionType": "git"}, {"version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "9366922adc6a71378ca01f898c41be295309f044", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/pm_netlink.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.109", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.49", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.8", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe"}, {"url": "https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb"}, {"url": "https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc"}, {"url": "https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044"}], "title": "mptcp: pm: fix ID 0 endp usage after multiple re-creations", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T14:59:30.987140Z", "id": "CVE-2024-46711", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:59:46.450Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46711", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T14:59:30.987140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:59:35.215Z"}}], "cna": {"title": "mptcp: pm: fix ID 0 endp usage after multiple re-creations", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "c9c744666f7308a4daba520191e29d395260bcfe", "versionType": "git"}, {"status": "affected", "version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "53e2173172d26c0617b29dd83618b71664bed1fb", "versionType": "git"}, {"status": "affected", "version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "119806ae4e46cf239db8e6ad92bc2fd3daae86dc", "versionType": "git"}, {"status": "affected", "version": "3ad14f54bd7448384458e69f0183843f683ecce8", "lessThan": "9366922adc6a71378ca01f898c41be295309f044", "versionType": "git"}], "programFiles": ["net/mptcp/pm_netlink.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "unaffected", "version": "0", "lessThan": "6.0", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.109", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.49", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.8", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mptcp/pm_netlink.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe"}, {"url": "https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb"}, {"url": "https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc"}, {"url": "https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n'local_addr_used' and 'add_addr_accepted' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don't count as \"additional local address being used\" or\n\"ADD_ADDR being accepted\".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:21:29.306Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46711", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:21:29.306Z", "dateReserved": "2024-09-11T15:12:18.252Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-13T06:33:42.956Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2284EA65-3542-42FF-A764-62B7192384D0", "versionEndExcluding": "6.1.109", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1191B7F1-F275-45F5-9E82-A012FF517BFA", "versionEndExcluding": "6.6.49", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B5D46C3-56A4-4380-9309-27BF73DF29A7", "versionEndExcluding": "6.10.8", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n\n'local_addr_used' and 'add_addr_accepted' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don't count as \"additional local address being used\" or\n\"ADD_ADDR being accepted\".\n\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: pm: se corrige el uso de ID 0 endp despu\u00e9s de m\u00faltiples recreaciones. 'local_addr_used' y 'add_addr_accepted' se decrementan para direcciones no relacionadas con el subflujo inicial (ID0), porque las direcciones de origen y destino de los subflujos iniciales se conocen desde el principio: no cuentan como \"direcci\u00f3n local adicional en uso\" o \"ADD_ADDR aceptada\". Luego, se requiere no incrementarlas cuando el punto de entrada utilizado por el subflujo inicial se elimina y se vuelve a agregar durante una conexi\u00f3n. Sin esta modificaci\u00f3n, este punto de entrada no se puede eliminar y volver a agregar m\u00e1s de una vez."}], "id": "CVE-2024-46711", "lastModified": "2024-09-19T13:12:30.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-13T07:15:05.953", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mptcp: pm: fix ID 0 endp usage after multiple re-creations", "id": "2312108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312108"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmptcp: pm: fix ID 0 endp usage after multiple re-creations\n'local_addr_used' and 'add_addr_accepted' are decremented for addresses\nnot related to the initial subflow (ID0), because the source and\ndestination addresses of the initial subflows are known from the\nbeginning: they don't count as \"additional local address being used\" or\n\"ADD_ADDR being accepted\".\nIt is then required not to increment them when the entrypoint used by\nthe initial subflow is removed and re-added during a connection. Without\nthis modification, this entrypoint cannot be removed and re-added more\nthan once."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-46711", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46711\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46711\nhttps://lore.kernel.org/linux-cve-announce/2024091348-CVE-2024-46711-ab95@gregkh/T"], "statement": "Only Red Hat Enterprise Linux 9 affected.", "threat_severity": "Moderate"}