Уязвимость CVE-2024-35840

Пакет	Статус	Версия исправления	Релиз	Тип
linux	fixed	6.7.7-1		package
linux	fixed	6.1.76-1	bookworm	package
linux	not-affected		buster	package

CVE-2024-35840

ubuntu

около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option()

CVE-2024-35840

CVSS3: 5.5

redhat

около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option()

CVE-2024-35840

nvd

около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option()

GHSA-9268-35c3-9w2w

github

около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option()

BDU:2024-10027

CVSS3: 5.5

fstec

больше 1 года назад

Уязвимость компонента mptcp ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

exploitDog

CVE-2024-35840

Описание

Пакеты

Примечания

Связанные уязвимости