Main Vulnerability Database SB20241022118

SB20241022118 - Improper locking in Linux kernel mptcp

Published: October 22, 2024 Updated: May 12, 2025

Security Bulletin ID SB20241022118

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2022-49018)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mptcp_subflow_queue_clean() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/d8e6c5500dbf0f3e87aace90d4beba6ae928e866
https://git.kernel.org/stable/c/b4f166651d03b5484fa179817ba8ad4899a5a6ac
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1