CVE-2021-47594

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc4-syzkaller

Description The vulnerability is related to the MPTCP component in the Linux kernel, which can cause a NULL pointer dereference when deleting an endpoint. This can lead to a general protection fault and potentially allow an attacker to cause a denial of service. The issue occurs when the netlink PM traverses all local MPTCP sockets, regardless of their status, and closes the listener TCP socket if an MPTCP listener socket is bound to the IP matching the delete endpoint.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix, which explicitly skips MPTCP sockets in TCP LISTEN status. At the moment, there is no information about a newer version that contains a fix for this vulnerability.