Linux Kernel TCP MTU Probing Vulnerability Leading to Potential Zero-Divide Errors

Vulnerability

A vulnerability in the Linux kernel's TCP implementation can lead to potential zero-division errors during MTU (Maximum Transmission Unit) probing. This issue arises because, while the TCP MTU probing function checks that the congestion window is sufficiently large to initiate a probe, there is no safeguard to prevent the congestion window from being reduced before the probe can complete. The vulnerability affects several versions of the Linux kernel, including 5.18.0.

Impact

Exploitation of this vulnerability could cause zero-division errors, potentially leading to undefined behavior in the TCP stack.

Reproduction

The vulnerability can be reproduced by initiating a TCP connection and manually adjusting the congestion window to a value greater than or equal to 11. Once the MTU probe is started, the congestion window can be reduced, causing the probe to fail and potentially leading to a zero-division error.
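The gap between the start-time check and probe completion, as an added user-space model (not code from the kernel or from this page). It assumes that a completed probe rescales the congestion window by old MTU over probe size using integer division; all function names and the sample values are hypothetical.

```c
/* User-space model of the arithmetic only; not kernel code, names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define PROBE_MIN_CWND 11u /* probe start threshold stated on the page */

/* The start-time check: it passes once and is not repeated at completion. */
static int probe_may_start(uint32_t cwnd) { return cwnd >= PROBE_MIN_CWND; }

/* Assumed rescale at probe completion, without a floor. */
static uint32_t rescale_unchecked(uint32_t cwnd, uint32_t old_mtu, uint32_t probe_size)
{
    return cwnd * old_mtu / probe_size; /* truncates to 0 for a small cwnd */
}

/* Hardened form: 64-bit intermediate, saturate, never return less than 1. */
static uint32_t rescale_clamped(uint32_t cwnd, uint32_t old_mtu, uint32_t probe_size)
{
    uint64_t val;
    if (probe_size == 0)
        return cwnd ? cwnd : 1u;
    val = (uint64_t)cwnd * old_mtu / probe_size;
    if (val > UINT32_MAX)
        val = UINT32_MAX;
    return val ? (uint32_t)val : 1u;
}

/* Stand-in for any later code that divides by cwnd; -1 marks the would-be fault. */
static int64_t bytes_per_cwnd_unit(uint32_t bytes, uint32_t cwnd)
{
    return cwnd ? (int64_t)(bytes / cwnd) : -1;
}

int main(void)
{
    /* Constructed values: MTU 1500, probe size 3000. */
    uint32_t at_start = 11, at_completion = 1; /* window shrank mid-probe */
    uint32_t bad = rescale_unchecked(at_completion, 1500, 3000);
    uint32_t good = rescale_clamped(at_completion, 1500, 3000);

    printf("start check passed: %d\n", probe_may_start(at_start));
    printf("unchecked cwnd=%u -> per-unit=%lld\n", bad,
           (long long)bytes_per_cwnd_unit(3000, bad));
    printf("clamped   cwnd=%u -> per-unit=%lld\n", good,
           (long long)bytes_per_cwnd_unit(3000, good));
    return 0;
}
```

The model shows why a check made only when the probe starts is not enough: the value has to be bounded again at the point where it is used.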

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.