Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation has been addressed. The issue arose from improper management of disconnect events generated internally by the MPTCP protocol, particularly in response to FASTOPEN connection errors. This mismanagement led to data stream corruption, as reported by Syzbot. The vulnerability was present in version 6.13.0-rc2.
The vulnerability could be exploited to corrupt data streams, potentially leading to application-level errors or disruptions in communication.
The vulnerability can be reproduced by using the MPTCP protocol with FASTOPEN connections. The improper handling of disconnect events will trigger the data stream corruption.
Users should update to the latest stable version of the Linux kernel where this vulnerability has been fixed.