Linux Kernel TCP CDG Congestion Control Double-Free Vulnerability

Vulnerability

A double-free vulnerability has been identified in the Linux kernel's TCP congestion control, specifically within the CDG (Congestion Detection General) algorithm. This issue arises when MPTCP (Multipath TCP) calls tcp_disconnect() on a flow that has already been disconnected. While this behavior is generally acceptable, it creates a problem for flows using the CDG congestion control, potentially leading to a double-free error. The vulnerability has been addressed by allowing tcp_cdg_release() to be called multiple times, making the tcp_disconnect() function more resilient.

Impact

Exploitation of this vulnerability could lead to a double-free error, causing memory corruption issues.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel TCP CDG Congestion Control Double-Free Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating