PT-2022-7619 · Linux+2 · Linux Kernel+2
Published: 2022-02-24 · Updated: 2024-09-27
CVE-2022-48906
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.17.1
Description
A vulnerability in the Linux kernel's MPTCP component has been identified, where a large number of DATA FIN retransmits can cause a shift-out-of-bounds in the DATA FIN timeout calculation. This issue can lead to a denial of service. The vulnerability was discovered using Syzkaller with UBSAN, which uncovered a scenario where the shift exponent 32 is too large for a 32-bit type 'unsigned int'. The change to resolve this issue limits the maximum timeout by limiting the size of the shift, keeping all intermediate values in-bounds.
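The clamping approach described above, as an added user-space illustration; it is not the kernel's code and not part of the original advisory. The function names and the millisecond bounds RTO_MIN_MS and RTO_MAX_MS are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed bounds in milliseconds, chosen for illustration (not from the page). */
#define RTO_MIN_MS 200u
#define RTO_MAX_MS 120000u
#define UINT_BITS  32u   /* width of the 32-bit 'unsigned int' named by UBSAN */

/* floor(log2(v)) for v > 0 */
static unsigned int ilog2_u32(uint32_t v)
{
    unsigned int n = 0;
    while (v >>= 1)
        n++;
    return n;
}

/* 1 if "RTO_MIN_MS << retransmits" has a shift exponent >= the type width,
 * which is undefined behaviour in C and what UBSAN reports. */
static int shift_is_out_of_bounds(unsigned int retransmits)
{
    return retransmits >= UINT_BITS;
}

/* Clamped form: cap the exponent so the result never exceeds RTO_MAX_MS and
 * every intermediate value fits in 32 bits. */
static uint32_t datafin_timeout_clamped(unsigned int retransmits)
{
    unsigned int max_shift = ilog2_u32(RTO_MAX_MS / RTO_MIN_MS); /* 9 here */

    if (retransmits > max_shift)
        retransmits = max_shift;
    return (uint32_t)RTO_MIN_MS << retransmits;
}

int main(void)
{
    /* Constructed retransmit counts, including the exponent 32 from the report. */
    const unsigned int samples[] = { 0, 3, 9, 31, 32, 255 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("retransmits=%3u unclamped_shift_oob=%d clamped_timeout_ms=%u\n",
               samples[i], shift_is_out_of_bounds(samples[i]),
               (unsigned int)datafin_timeout_clamped(samples[i]));
    return 0;
}
```

Building a kernel-side reproduction with UBSAN enabled is what surfaces the unclamped shift; this sketch only shows why capping the exponent bounds the timeout.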
Recommendations
To resolve this issue, update the Linux kernel to version 5.17.1 or later.
As a temporary workaround, consider disabling the mptcp_set_datafin_timeout function until a patch is available.
Restrict access to the MPTCP component to minimize the risk of exploitation.
Avoid using the DATA FIN retransmit feature in the affected API endpoint until the issue is resolved.
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Red Os
Suse