Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-45010

Disclosure Date: September 11, 2024 •

CVE-2024-45010 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: only mark ‘subflow’ endp as available

Adding the following warning …

WARN_ON_ONCE(msk->pm.local_addr_used == 0)

… before decrementing the local_addr_used counter helped to find a bug
when running the “remove single address” subtest from the mptcp_join.sh
selftests.

Removing a ‘signal’ endpoint will trigger the removal of all subflows
linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with
rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used
counter, which is wrong in this case because this counter is linked to
‘subflow’ endpoints, and here it is a ‘signal’ endpoint that is being
removed.

Now, the counter is decremented, only if the ID is being used outside
of mptcp_pm_nl_rm_addr_or_subflow(), only for ‘subflow’ endpoints, and
if the ID is not 0 — local_addr_used is not taking into account these
ones. This marking of the ID as being available, and the decrement is
done no matter if a subflow using this ID is currently available,
because the subflow could have been closed before.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel,
linux kernel 6.11

References

Canonical

CVE-2024-45010 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45010)

Miscellaneous

https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f

https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d

https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3

https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6

Rapid7

Unknown

CVE-2024-45010

Unknown

Unknown

None

Low

Local

CVE-2024-45010

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-45010

Unknown

Unknown

None

Low

Local

CVE-2024-45010

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification