Re: CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()

From: Greg Kroah-Hartman
Date: Mon Jun 17 2024 - 12:53:51 EST

Next message: Athira Rajeev: "Re: [PATCH V2 2/3] tools/perf: Use is_perf_pid_map_name helper function to check dso's of pattern /tmp/perf-%d.map"
Previous message: Guilherme G. Piccoli: "Re: [PATCH AUTOSEL 6.1 07/29] efi: pstore: Return proper errors on UEFI failures"
In reply to: Michal Hocko: "Re: CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()"
Next in thread: Michal Hocko: "Re: CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 06, 2024 at 10:03:54AM +0200, Michal Hocko wrote:
> Hi,
> what is the actual security threat here? As far as I can see, the
> problem that the commit requested here addresses seems to be rather
> functional, rather than responding to an unexpected packet options with
> a reset, we actually establish a connection with some garbage parameters
> (likely unpredictable). Which is unfortunate but I do not see any
> security implications.

Sorry for the delay. I'm pretty sure this is a data leak as the
"garbage" is coming from other kernel data, and as such, was reviewed by
us as a vulnerability.

Do you not see it as such?

thanks,

greg k-h

Next message: Athira Rajeev: "Re: [PATCH V2 2/3] tools/perf: Use is_perf_pid_map_name helper function to check dso's of pattern /tmp/perf-%d.map"
Previous message: Guilherme G. Piccoli: "Re: [PATCH AUTOSEL 6.1 07/29] efi: pstore: Return proper errors on UEFI failures"
In reply to: Michal Hocko: "Re: CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()"
Next in thread: Michal Hocko: "Re: CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]