CVE-2024-40931 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snd_una is still left uninitialized. Address the issue explicitly initializing snd_una together with snd_nxt and write_seq.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.42.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:8617	2024-10-30T00:00:00Z
kernel-0:5.14.0-427.42.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:8617	2024-10-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.92.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:9497	2024-11-13T00:00:00Z
kernel-rt-0:5.14.0-284.92.1.rt14.377.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:9498	2024-11-13T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde
https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726
https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3
https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce
https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813
https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f
https://lore.kernel.org/linux-cve-announce/2024071216-CVE-2024-40931-77b2@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40931
https://www.cve.org/CVERecord?id=CVE-2024-40931

History

Thu, 06 Mar 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
Vendors & Products		Linux Linux linux Kernel

Wed, 13 Nov 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products		Redhat rhel Eus

Wed, 30 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Tue, 24 Sep 2024 11:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products		Redhat Redhat enterprise Linux

Mon, 23 Sep 2024 10:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400

Thu, 12 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-12T12:25:09.778Z

Updated: 2025-05-04T09:18:11.851Z

Reserved: 2024-07-12T12:17:45.583Z

Link: CVE-2024-40931

Vulnrichment

Updated: 2024-08-02T04:39:55.803Z

NVD

Status : Analyzed

Published: 2024-07-12T13:15:15.750

Modified: 2025-03-06T12:53:17.520

Link: CVE-2024-40931

Redhat

Severity : Moderate

Publid Date: 2024-07-12T00:00:00Z

Links: CVE-2024-40931 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40931", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.583Z", "datePublished": "2024-07-12T12:25:09.778Z", "dateUpdated": "2025-05-04T09:18:11.851Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:11.851Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_una is properly initialized on connect\n\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\n\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/protocol.c"], "versions": [{"version": "8fd738049ac3d67a937d36577763b47180aae1ad", "lessThan": "208cd22ef5e57f82d38ec11c1a1703f9401d6dde", "status": "affected", "versionType": "git"}, {"version": "8fd738049ac3d67a937d36577763b47180aae1ad", "lessThan": "7b9c7fc8600b64a86e4b47b2d190bba380267726", "status": "affected", "versionType": "git"}, {"version": "8fd738049ac3d67a937d36577763b47180aae1ad", "lessThan": "f03c46eabb3a67bd2993e237ab5517f00a5f1813", "status": "affected", "versionType": "git"}, {"version": "8fd738049ac3d67a937d36577763b47180aae1ad", "lessThan": "f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f", "status": "affected", "versionType": "git"}, {"version": "8fd738049ac3d67a937d36577763b47180aae1ad", "lessThan": "ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce", "status": "affected", "versionType": "git"}, {"version": "8fd738049ac3d67a937d36577763b47180aae1ad", "lessThan": "8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/protocol.c"], "versions": [{"version": "5.9", "status": "affected"}, {"version": "0", "lessThan": "5.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "5.10.221"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "5.15.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.1.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde"}, {"url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726"}, {"url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813"}, {"url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f"}, {"url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce"}, {"url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3"}], "title": "mptcp: ensure snd_una is properly initialized on connect", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.803Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:58.880895Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:02.638Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.803Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:58.880895Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.194Z"}}], "cna": {"title": "mptcp: ensure snd_una is properly initialized on connect", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8fd738049ac3", "lessThan": "208cd22ef5e5", "versionType": "git"}, {"status": "affected", "version": "8fd738049ac3", "lessThan": "7b9c7fc8600b", "versionType": "git"}, {"status": "affected", "version": "8fd738049ac3", "lessThan": "f03c46eabb3a", "versionType": "git"}, {"status": "affected", "version": "8fd738049ac3", "lessThan": "f1f0a46f8bb8", "versionType": "git"}, {"status": "affected", "version": "8fd738049ac3", "lessThan": "ef473bf1dd7e", "versionType": "git"}, {"status": "affected", "version": "8fd738049ac3", "lessThan": "8031b58c3a9b", "versionType": "git"}], "programFiles": ["net/mptcp/protocol.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.9"}, {"status": "unaffected", "version": "0", "lessThan": "5.9", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.221", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.95", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mptcp/protocol.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde"}, {"url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726"}, {"url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813"}, {"url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f"}, {"url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce"}, {"url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_una is properly initialized on connect\n\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\n\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:41.913Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40931", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:02.638Z", "dateReserved": "2024-07-12T12:17:45.583Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:09.778Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5906D3E8-EF84-4283-A4A5-0019A4E060E0", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_una is properly initialized on connect\n\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\n\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: aseg\u00farese de que snd_una se inicialice correctamente al conectarse. Esto est\u00e1 estrictamente relacionado con el commit fb7a0d334894 (\"mptcp: aseg\u00farese de que snd_nxt se inicialice correctamente al conectarse\"). Resulta que syzkaller puede activar la retransmisi\u00f3n despu\u00e9s del respaldo y antes de procesar cualquier otro paquete entrante, de modo que snd_una a\u00fan permanece sin inicializar. Solucione el problema al inicializar expl\u00edcitamente snd_una junto con snd_nxt y write_seq."}], "id": "CVE-2024-40931", "lastModified": "2025-03-06T12:53:17.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:15.750", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:8617", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.42.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8617", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.42.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:9497", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.92.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-11-13T00:00:00Z"}, {"advisory": "RHSA-2024:9498", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.92.1.rt14.377.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-11-13T00:00:00Z"}], "bugzilla": {"description": "kernel: mptcp: ensure snd_una is properly initialized on connect", "id": "2297515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297515"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmptcp: ensure snd_una is properly initialized on connect\nThis is strictly related to commit fb7a0d334894 (\"mptcp: ensure snd_nxt\nis properly initialized on connect\"). It turns out that syzkaller can\ntrigger the retransmit after fallback and before processing any other\nincoming packet - so that snd_una is still left uninitialized.\nAddress the issue explicitly initializing snd_una together with snd_nxt\nand write_seq.", "A vulnerability was found in the Linux kernel's match component in the initialization of the snd_una variable while establishing a connection. The issue arises when retransmission occurs after a fallback, leaving the snd_una sequence number uninitialized, leading to unpredictable behavior and potential denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40931", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40931\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40931\nhttps://lore.kernel.org/linux-cve-announce/2024071216-CVE-2024-40931-77b2@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. \nAdditional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based denial of service (DoS) attacks.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object