#VU100131 Reachable assertion in Linux kernel - CVE-2024-50185
Vulnerability identifier: #VU100131
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50185
CWE-ID:
CWE-617
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/fde99e972b8f88cebe619241d7aa43d288ef666a
https://git.kernel.org/stable/c/12c1676d598e3b8dd92a033b623b792cc2ea1ec5
https://git.kernel.org/stable/c/35668f8ec84f6c944676e48ecc6bbc5fc8e6fe25
https://git.kernel.org/stable/c/b8be15d1ae7ea4eedd547c3b3141f592fbddcd30
https://git.kernel.org/stable/c/8bfd391bde685df7289b928ce8876a3583be4bfb
https://git.kernel.org/stable/c/e32d262c89e2b22cb0640223f953b548617ed8a6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
