Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation has been addressed. The issue arose from the sockmap feature, which is driven by BPF syscalls from userspace and replaces a socket's protocol with its own custom interfaces, leading to incorrect protocol handling when combined with MPTCP. When a server with MPTCP enabled received a TCP SYN without MPTCP from a client, the server triggered a fallback that improperly restored the native protocol, causing potential issues with sockmap's custom protocol handling. The vulnerability could be exploited by manipulating TCP connections to disrupt the expected MPTCP behavior, particularly in scenarios where BPF sock operations are involved.
Exploitation of this vulnerability could lead to improper handling of TCP connections, causing disruptions in applications relying on MPTCP.
To reproduce this vulnerability, a server must be set up with MPTCP enabled. Then, a client should be made to send a TCP SYN packet without MPTCP. This will trigger the fallback mechanism in the MPTCP implementation, replacing the protocol handling in a way that can disrupt applications using sockmap features.
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed.
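To help prioritise the update, the following added example (not part of the original advisory) checks whether a host has both conditions the description names: MPTCP enabled and sockmap-type BPF maps loaded. It assumes the `net.mptcp.enabled` sysctl is exposed at `/proc/sys/net/mptcp/enabled` and that `bpftool map show` prints its plain one-map-per-header format; the function names and the sample output are constructed for illustration, and a positive result means the host should be reviewed, not that it is confirmed vulnerable.

```shell
#!/bin/sh
# Added example: precondition check for the MPTCP + sockmap issue described above.

# Constructed sample of `bpftool map show` plain output (not from a real host).
SAMPLE_BPFTOOL='7: hash  name conn_track  flags 0x0
    key 8B  value 16B  max_entries 1024  memlock 86016B
12: sockmap  name sock_map  flags 0x0
    key 4B  value 4B  max_entries 2  memlock 4096B
15: sockhash  name sock_hash  flags 0x0
    key 8B  value 4B  max_entries 64  memlock 8192B'

# Succeeds only if the MPTCP sysctl file is readable and set to 1.
# $1: path to the sysctl file (defaults to the live /proc path).
mptcp_enabled() {
    f="${1:-/proc/sys/net/mptcp/enabled}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Reads `bpftool map show` output on stdin and prints how many maps
# are of type sockmap or sockhash (header lines look like "ID: TYPE name ...").
count_sock_maps() {
    awk '$1 ~ /^[0-9]+:$/ && ($2 == "sockmap" || $2 == "sockhash") { n++ }
         END { print n + 0 }'
}

# $1: sysctl file path; stdin: bpftool output. Prints a one-line verdict.
assess() {
    maps=$(count_sock_maps)
    if mptcp_enabled "$1"; then
        if [ "$maps" -gt 0 ]; then
            echo "review: MPTCP enabled and $maps sockmap/sockhash map(s) loaded"
        else
            echo "partial: MPTCP enabled, no sockmap/sockhash maps loaded"
        fi
    else
        echo "not-applicable: MPTCP disabled or unsupported"
    fi
}

# Demo on the constructed sample, using this host's sysctl value.
# On a real host (as root): bpftool map show | assess /proc/sys/net/mptcp/enabled
printf '%s\n' "$SAMPLE_BPFTOOL" | assess /proc/sys/net/mptcp/enabled
```

Hosts that report `review` are the ones to patch first, since the issue only arises where sockmap and MPTCP are used together.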