Re: CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()

From: Greg Kroah-Hartman
Date: Mon Jun 17 2024 - 07:31:23 EST


On Mon, Jun 17, 2024 at 01:28:05PM +0200, Michal Hocko wrote:
> On Thu 06-06-24 10:03:59, Michal Hocko wrote:
> > Hi,
> > what is the actual security threat here? As far as I can see, the
> > problem that the commit requested here addresses seems to be rather
> > functional, rather than responding to an unexpected packet options with
> > a reset, we actually establish a connection with some garbage parameters
> > (likely unpredictable). Which is unfortunate but I do not see any
> > security implications.
>
> Does the silence mean that there are no actual security implications
> here?

Sorry, no, I was traveling and am still trying to catch up with the
pending queue. Should get to it later today or tomorrow, sorry for the
delay.

greg k-h