SB20250227126 - Improper locking in Linux kernel mptcp
Published: February 27, 2025 Updated: May 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-21705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mptcp_sendmsg_fastopen() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0263fb2e7b7b88075a5d86e74c4384ee4400828d
- https://git.kernel.org/stable/c/619af16b3b57a3a4ee50b9a30add9ff155541e71
- https://git.kernel.org/stable/c/6ec806762318a4adde0ea63342d42d0feae95079
- https://git.kernel.org/stable/c/73e268b4be27b36ae68ea10755cb003f43b38884
- https://git.kernel.org/stable/c/84ac44d9fed3a56440971cbd7600a02b70b5b32a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.13