PT-2024-3410 · Linux+7 · Linux Kernel+7
Davide Caratti · Published 2024-02-26 · Updated 2025-09-29 · CVE-2024-26782
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.8.0-rc1+
Description:
The vulnerability is a double free in the Linux kernel's MPTCP (Multipath TCP) implementation. When an MPTCP server accepts an incoming connection, it clones its listener socket. However, the new socket's 'inet_opt' pointer has the same value as the original's, so the same options are freed twice when the program exits. This can cause a denial-of-service (DoS) condition.
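The ownership mistake described above, as an added user-space illustration (not kernel code and not taken from the advisory): a clone that shares the options pointer beside a clone that gets its own copy. All type and function names are hypothetical, and teardown counts releases instead of calling free() twice.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model of the bug class; all names are hypothetical. */
struct ip_opts { int releases; unsigned char data[4]; };
struct sock_model { int port; struct ip_opts *opt; };
typedef void (*clone_fn)(struct sock_model *, const struct sock_model *);

/* Vulnerable pattern: the struct copy duplicates the pointer, not the options. */
static void clone_shallow(struct sock_model *child, const struct sock_model *lsk)
{
    *child = *lsk;
}

/* Hardened pattern: the child never inherits the pointer; it gets its own copy. */
static void clone_deep(struct sock_model *child, const struct sock_model *lsk)
{
    *child = *lsk;
    child->opt = NULL;
    if (lsk->opt && (child->opt = malloc(sizeof(*child->opt)))) {
        *child->opt = *lsk->opt;
        child->opt->releases = 0;
    }
}

/* Teardown counts a release instead of freeing, so a repeat is observable. */
static int sock_destroy(struct sock_model *sk)
{
    int n = sk->opt ? ++sk->opt->releases : 0;
    sk->opt = NULL;
    return n;
}

/* Highest release count for any option block: 1 = single owner, 2 = double free. */
static int max_releases(clone_fn clone)
{
    struct sock_model lsk = { 8080, calloc(1, sizeof(struct ip_opts)) }, child;
    if (!lsk.opt) return -1;
    clone(&child, &lsk);
    struct ip_opts *o = lsk.opt, *c = child.opt;
    int a = sock_destroy(&child), b = sock_destroy(&lsk);
    if (c != o) free(c);
    free(o);
    return a > b ? a : b;
}

int main(void)
{
    printf("shallow: %d, deep: %d\n", max_releases(clone_shallow), max_releases(clone_deep));
    return 0;
}
```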
Recommendations:
To resolve this issue, update the Linux kernel to a version that includes the fix for the double-free vulnerability, which is version 6.8.0-rc1 or later. If updating is not possible, consider disabling MPTCP or restricting its use to minimize the risk of exploitation.
Exploit
Fix
Double Free
Affected Products
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu