Volerion logoVolerion
Volerion logoVolerion

Linux Kernel MPTCP TCP Options Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation has been identified, which can lead to data stream corruption. This issue arises from a bug in the computation of MPTCP option lengths, particularly with the ADD_ADDR option, which can interfere with the previously established DSS option. The vulnerability was reported by Syzbot, highlighting a general protection fault related to non-canonical addresses, indicating a null pointer dereference. The flaw allows for improper handling of TCP options, potentially leading to a privilege escalation.

Impact

The vulnerability causes a corruption of TCP option information, specifically within the MPTCP protocol, which could disrupt data streams and potentially lead to a privilege escalation, according to the author.

Remediation

Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.3
remediation
7.7
relevance
0.0
threat
3.2
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.