CVE-2024-46858

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the mptcp pm del add timer function, caused by a race condition between two paths accessing this function. This vulnerability can lead to the exploitation of the confidentiality, integrity, and availability of protected information. The vulnerability occurs when the remove anno list by saddr function releases an entry after leaving a critical zone protected by "pm.lock", resulting in a use-after-free condition in mptcp pm del add timer. To fix this, a reference to add timer is kept inside the lock, and sk stop timer sync is called with this reference instead of "entry->add timer". Additionally, list del(&entry->list) is moved to mptcp pm del add timer and inside the pm lock to avoid similar use-after-free conditions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.