CVE-2024-50083

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0

Description: A vulnerability has been resolved in the Linux kernel related to MPTCP DSS corruption due to large PMTU xmit. The issue was triggered by Syzkaller, causing a DSS corruption and resulting in a warning. The vulnerability is related to the mptcp move skbs from subflow function in net/mptcp/protocol.c. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: To resolve the issue, update the Linux kernel to a version newer than 6.11.0. As a temporary workaround, consider disabling the mptcp module until a patch is available. Restrict access to the vulnerable net/mptcp/protocol.c module to minimize the risk of exploitation. Avoid using the mptcp protocol in the affected API endpoints until the issue is resolved.