Linux Kernel MPTCP Subflow Context Reset Vulnerability on Disconnect

Vulnerability

A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation can lead to improper handling of subflow contexts during disconnection. The issue is present since a specific commit: if an MPTCP subflow is already in the TCP_CLOSE state, or has fallen back to standard TCP, when the disconnection occurs, the disconnect path fails to reset the subflow context correctly. As a result, subsequent connections may not properly honor MPTCP requirements, which can trigger warnings about subflow data readiness. This vulnerability affects Linux kernel versions prior to 6.18.0-rc7-05427-g11fc074f6c36.

Impact

Exploitation of this vulnerability can lead to warnings about subflow data readiness, indicating a mismanagement of the MPTCP subflow context. Such warnings can disrupt normal data flow and processing within the MPTCP implementation, potentially leading to degraded performance or connectivity issues.

Reproduction

The vulnerability can be reproduced by establishing an MPTCP connection and then disconnecting it while the subflow is in TCP_CLOSE status or has reverted to standard TCP. After disconnection, a warning will appear about the subflow data readiness, indicating that the context was not properly reset.
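
To check whether a host has already logged this warning, the following added example (not part of the original advisory or of the kernel project) scans kernel log text for WARN splats and reports the source location, process name and kernel release of each hit. It assumes the warning is raised in the kernel's `subflow_data_ready()` function in net/mptcp/subflow.c, which the advisory does not name; the sample log, including its line number and offsets, is constructed.

```python
import re

# A WARN splat header that names the MPTCP subflow data-ready callback
# (assumed function name; the advisory only says "subflow data readiness").
WARN_RE = re.compile(r"WARNING:.*\bsubflow_data_ready\b")
SRC_RE = re.compile(r"(\S+\.c):(\d+)")          # source file and line
COMM_RE = re.compile(r"\bComm: (\S+)")          # process that hit the WARN
REL_RE = re.compile(r"Comm: \S+ .*?\b(\d+\.\d+\.\d+\S*)")  # kernel release
END_RE = re.compile(r"\[ end trace")

# Constructed sample in the classic WARN layout; not captured from a real host.
SAMPLE_LOG = """\
[  812.101] ------------[ cut here ]------------
[  812.102] WARNING: CPU: 1 PID: 5123 at net/mptcp/subflow.c:1000 subflow_data_ready+0x1a3/0x2b0
[  812.103] Modules linked in:
[  812.104] CPU: 1 UID: 0 PID: 5123 Comm: client-app Not tainted 6.18.0-rc7 #1
[  812.105] Call Trace:
[  812.106]  tcp_data_queue+0x9d2/0x1c30
[  812.107] ---[ end trace 0000000000000000 ]---
[  900.000] eth0: link becomes ready
"""

def find_subflow_warnings(lines):
    """Return one dict per WARN splat that mentions subflow_data_ready."""
    hits, current = [], None
    for line in lines:
        if WARN_RE.search(line):
            src = SRC_RE.search(line)
            current = {"source": src.group(1) if src else None,
                       "line": int(src.group(2)) if src else None,
                       "comm": None, "release": None}
            hits.append(current)
        elif current is not None:
            if END_RE.search(line):
                current = None  # splat finished; stop attributing lines to it
                continue
            comm, rel = COMM_RE.search(line), REL_RE.search(line)
            if comm:
                current["comm"] = comm.group(1)
            if rel:
                current["release"] = rel.group(1)
    return hits

if __name__ == "__main__":
    for hit in find_subflow_warnings(SAMPLE_LOG.splitlines()):
        print(hit)
```

On a live system the same function can be fed the lines of `dmesg` or `journalctl -k` output instead of the sample.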

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Jan 14, 2026, 3:24 PM
Updated: Jan 14, 2026, 4:33 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.