Linux Kernel MPTCP Current Namespace Proxy Vulnerability Leading to General Protection Fault

A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation can cause a general protection fault, likely due to a non-canonical address dereference. This issue arises from using the 'net' structure via 'current', which is discouraged. The problem occurs when 'current->nsproxy' is accessed after it has been dropped during task exit, leading to a null pointer dereference. The vulnerability was discovered by syzbot while using the 'acct' system call, causing a crash due to an invalid memory access.

Impact

Exploitation of this vulnerability leads to a general protection fault, causing a crash by dereferencing a null pointer, which is likely to be non-canonical.

Reproduction

The vulnerability can be reproduced by using the 'acct' system call in a context where 'current->nsproxy' has been dropped, such as during task exit. This can be done using a syzkaller fuzzer, which will trigger the null pointer dereference and cause a crash.