PT-2024-9011 · Linux+9 · Linux Kernel+9
Christoph Paasch · Published 2024-05-30 · Updated 2025-09-29 · CVE-2024-36889
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The issue is in the mptcp component of the Linux kernel, where the snd_nxt variable is not properly initialized on connect, which can corrupt snd_una values. When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized, and any incoming ack will copy that value into snd_una. If the mptcp worker tries mptcp-level re-injection after such an ack, it would unconditionally trigger a send buffer cleanup using 'bad' snd_una values. This could potentially cause issues, but the impact is considered very low to zero in practice.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling re-injection for fallback sockets to minimize the risk of exploitation. However, this workaround is not necessary if the kernel is updated to the fixed version.
Exploit
Fix
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu