Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the Linux kernel's Multipath TCP (MPTCP) implementation. The issue arises when the TCP sorting anchor is initialized before the associated socket buffer is released. Under memory pressure, this can crash the kernel when it attempts to execute a non-executable (NX-protected) page, a fault that the kernel log flags as a possible exploit attempt. The vulnerability has been resolved in the official Linux Git repository.
Exploitation of this vulnerability leads to a kernel crash, causing a denial-of-service condition.
The vulnerability can be reproduced by putting the MPTCP implementation under memory pressure, which causes the TCP sorting anchor to be initialized before the socket buffer is properly released. The resulting crash and its associated call trace appear in the kernel's debugging output.
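A triage sketch for the monitoring step described above, added here as an example and not taken from the advisory or the kernel project: it scans kernel log text for the x86 fault message "kernel tried to execute NX-protected page" and keeps only crash reports whose call trace contains MPTCP frames. The sample log is constructed, and its frame names are illustrative rather than the trace of this bug.

```python
import re

# Message the x86 page-fault handler logs when the CPU fetches instructions
# from a page that is marked non-executable.
NX_FAULT = "kernel tried to execute NX-protected page"
# Leading dmesg timestamp such as "[  101.000001] ".
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# Call-trace frame: "func+0x12/0x34", optionally prefixed with "? ".
FRAME = re.compile(r"^\s*(?:\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")


def find_mptcp_nx_crashes(log_text):
    """Return one dict per NX-execute fault whose call trace has MPTCP frames."""
    reports, current = [], None
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw)
        if NX_FAULT in line:
            # A new crash report starts at the fault message.
            current = {"fault": line.strip(), "frames": []}
            reports.append(current)
        elif current is not None:
            if "---[ end trace" in line:
                current = None  # report finished; ignore lines until next fault
                continue
            match = FRAME.match(line)
            if match:
                current["frames"].append(match.group(1))
    return [r for r in reports if any("mptcp" in f for f in r["frames"])]


# Constructed sample log (assumption): one crash with MPTCP frames, one without.
SAMPLE_LOG = """\
[  101.000001] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[  101.000002] BUG: unable to handle page fault for address: ffff888000000000
[  101.000003] Call Trace:
[  101.000004]  <TASK>
[  101.000005]  ? __die_body+0x1a/0x60
[  101.000006]  mptcp_recvmsg+0x2a1/0x5d0
[  101.000007]  inet_recvmsg+0x4c/0x130
[  101.000008]  </TASK>
[  101.000009] ---[ end trace 0000000000000000 ]---
[  202.000001] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[  202.000002] Call Trace:
[  202.000003]  ext4_file_read_iter+0x55/0x1a0
[  202.000004] ---[ end trace 0000000000000000 ]---
"""
```

Feed it the text of the kernel log collected from a crashed host; a match is a reason to check whether the running kernel includes the upstream fix.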