Re: CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()

From: Greg Kroah-Hartman
Date: Mon Jun 17 2024 - 12:53:51 EST


On Thu, Jun 06, 2024 at 10:03:54AM +0200, Michal Hocko wrote:
> Hi,
> what is the actual security threat here? As far as I can see, the
> problem that the commit requested here addresses seems to be rather
> functional, rather than responding to an unexpected packet options with
> a reset, we actually establish a connection with some garbage parameters
> (likely unpredictable). Which is unfortunate but I do not see any
> security implications.

Sorry for the delay. I'm pretty sure this is a data leak as the
"garbage" is coming from other kernel data, and as such, was reviewed by
us as a vulnerability.

Do you not see it as such?

thanks,

greg k-h