Vulnerability Details : CVE-2021-47152
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix data stream corruption
Maxim reported several issues when forcing a TCP transparent proxy
to use the MPTCP protocol for the inbound connections. He also
provided a clean reproducer.
The problem boils down to 'mptcp_frag_can_collapse_to()' assuming
that only MPTCP will use the given page_frag.
If others - e.g. the plain TCP protocol - allocate page fragments,
we can end up re-using already allocated memory for mptcp_data_frag.
Fix the issue by ensuring that the to-be-expanded data fragment is
located at the current page frag end.
v1 -> v2:
- added missing fixes tag (Mat)
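The condition the fix describes, as a simplified userspace model added here (it is not the kernel's code or the patch itself). The struct and function names are hypothetical stand-ins for the page frag allocator and the MPTCP data fragment, and the byte strings are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical userspace stand-ins; not the kernel's struct definitions. */
struct frag_alloc { unsigned char *page; size_t offset, size; }; /* offset = next free byte */
struct data_frag  { unsigned char *page; size_t offset, data_len; };

/* Hand out n bytes from the shared allocator; any protocol may call this. */
static size_t frag_take(struct frag_alloc *pf, size_t n)
{
    pf->offset += n;
    return pf->offset - n;
}

/* Assumes the allocator has a single user: same page and free room is enough. */
static bool collapse_single_user(const struct frag_alloc *pf, const struct data_frag *df)
{
    return df && pf->page == df->page && pf->size - pf->offset > 0;
}

/* Also requires the fragment to end exactly at the allocator's current end. */
static bool collapse_at_frag_end(const struct frag_alloc *pf, const struct data_frag *df)
{
    return collapse_single_user(pf, df) && pf->offset == df->offset + df->data_len;
}

typedef bool (*collapse_fn)(const struct frag_alloc *, const struct data_frag *);
/* Constructed scenario. Result bit 0: second user's bytes survived; bit 1: df was expanded. */
static int run_scenario(collapse_fn can_collapse, bool second_user)
{
    unsigned char page[64] = {0};
    struct frag_alloc pf = { page, 0, sizeof(page) };
    struct data_frag df = { page, frag_take(&pf, 4), 4 };
    size_t other = 0;
    int expanded = 0;
    memcpy(page + df.offset, "AAAA", 4);
    if (second_user) {                      /* e.g. plain TCP on the same allocator */
        other = frag_take(&pf, 4);
        memcpy(page + other, "tcp!", 4);
    }
    if (can_collapse(&pf, &df)) {           /* expansion appends right after df's data */
        memcpy(page + df.offset + df.data_len, "BBBB", 4);
        df.data_len += 4;
        expanded = 1;
    }
    return (!second_user || memcmp(page + other, "tcp!", 4) == 0) | (expanded << 1);
}
```

With a second user on the allocator, the single-user check yields 2 (fragment expanded over the neighbour's bytes) and the frag-end check yields 1 (no expansion, neighbour intact); without a second user both checks still allow the in-place expansion.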
Exploit prediction scoring system (EPSS) score for CVE-2021-47152
EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
Percentile: ~13% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-47152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | N/A | N/A | RedHat-CVE-2021-47152 | 2024-03-25 |
References for CVE-2021-47152
- https://git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34
  mptcp: fix data stream corruption - kernel/git/stable/linux.git - Linux kernel stable tree
- https://git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154
  mptcp: fix data stream corruption - kernel/git/stable/linux.git - Linux kernel stable tree
- https://git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8
  mptcp: fix data stream corruption - kernel/git/stable/linux.git - Linux kernel stable tree