Volerion logoVolerion
Volerion logoVolerion

Linux Kernel MPTCP Fallback Action Atomicity Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation has been addressed. The issue arose because the fallback action and decision were not atomic, which could lead to inconsistencies in how MPTCP connections were managed. This vulnerability was reported by Syzkaller and is related to the handling of incoming MPTCP options, particularly in the context of established connections.

Impact

Exploitation of this vulnerability could lead to improper handling of MPTCP connections, potentially causing connection resets or other disruptions in data transmission.

Reproduction

The vulnerability can be reproduced by using Syzkaller, a fuzzing tool that can generate and send MPTCP packets with specific options. This will trigger the fallback process in the MPTCP implementation, where the lack of atomicity can be observed as a warning in the kernel logs.

Remediation

Users should upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed.

Added: Jul 28, 2025, 12:35 PM
Updated: Jul 28, 2025, 12:35 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
0.3
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.