NVD Vulnerability Detail

CVE-2024-45010

Summary	In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ... before decrementing the local_addr_used counter helped to find a bug when running the "remove single address" subtest from the mptcp_join.sh selftests. Removing a 'signal' endpoint will trigger the removal of all subflows linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used counter, which is wrong in this case because this counter is linked to 'subflow' endpoints, and here it is a 'signal' endpoint that is being removed. Now, the counter is decremented, only if the ID is being used outside of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and if the ID is not 0 -- local_addr_used is not taking into account these ones. This marking of the ID as being available, and the decrement is done no matter if a subflow using this ID is currently available, because the subflow could have been closed before.
Publication Date	Sept. 12, 2024, 1:15 a.m.
Registration Date	Sept. 12, 2024, 5 a.m.
Last Update	Sept. 14, 2024, 1:35 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f	Patch
2	https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d	Patch
3	https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3	Patch
4	https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6	Patch

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 20, 2024, midnight
Registration Date	Sept. 17, 2024, 2:40 p.m.
Last Update	Sept. 17, 2024, 2:40 p.m.

Affected System

Linux

Linux Kernel 5.13 以上 6.1.108 未満

Linux Kernel 6.11

Linux Kernel 6.2 以上 6.6.48 未満

Linux Kernel 6.7 以上 6.10.7 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-45010	https://www.cve.org/CVERecord?id=CVE-2024-45010
National Vulnerability Database (NVD)
2	CVE-2024-45010	https://nvd.nist.gov/vuln/detail/CVE-2024-45010

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	mptcp: pm: only mark 'subflow' endp as available (322ea37)	https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6
2	mptcp: pm: only mark 'subflow' endp as available (43cf912)	https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d
3	mptcp: pm: only mark 'subflow' endp as available (7fdc870)	https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f
4	mptcp: pm: only mark 'subflow' endp as available (9849cfc)	https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3
Linux Kernel
5	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年09月17日] 掲載	Sept. 17, 2024, 2:40 p.m.