CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-57882: mptcp: fix TCP options overflow.

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix TCP options overflow.

Syzbot reported the following splat:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
RIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]
RIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552
Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83
RSP: 0000:ffffc90003916c90 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac
R10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007
R13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000...

Classification

CVE ID: CVE-2024-57882

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.04% (scored less or equal to compared to others)

EPSS Date: 2025-02-13 (when was this score calculated)

References

https://git.kernel.org/stable/c/09ba95321a269019b5aa8e0c3bc80cf86d91fd18
https://git.kernel.org/stable/c/53fe947f67c93a5334aed3a7259fcc8a204f8bb6
https://git.kernel.org/stable/c/fb08e6b0ba284e3dcdc9378de26dcb51d90710f5
https://git.kernel.org/stable/c/cbb26f7d8451fe56ccac802c6db48d16240feebd

Timeline

2025-01-16 00:30:58 UTC
CVE

mptcp: fix TCP options overflow.
2025-03-29 09:45:21 UTC
Tenable Plugins

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP6) (SUSE-SU-2025:1057-1)
2025-03-29 09:45:22 UTC
Tenable Plugins

SUSE SLES15 Security Update : kernel RT (Live Patch 2 for SLE 15 SP6) (SUSE-SU-2025:1059-1)