CVE-2024-57882

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description The issue is related to a TCP options overflow in the Linux kernel, specifically in the MPTCP (Multipath TCP) implementation. A buggy MPTCP option length computation can lead to a general protection fault, likely due to a non-canonical address. The root cause is a defective calculation of the MPTCP option length in certain circumstances, where the ADD ADDR option should be mutually exclusive with DSS. This can result in a probable shinfo->nr frags corruption.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the MPTCP functionality until a patch is available. Restrict access to the vulnerable MPTCP module to minimize the risk of exploitation. Avoid using the ADD ADDR option in conjunction with DSS until the issue is resolved.