CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect

Published Jul 12, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

mptcp: ensure snduna is properly initialized on connect

This is strictly related to commit fb7a0d334894 ("mptcp: ensure sndnxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snduna is still left uninitialized.

Address the issue explicitly initializing snduna together with sndnxt and writeseq.

Affected Software

20 affected componentsFixes available
Linux Linux kernel>=5.9<5.10.221
Linux Linux kernel>=5.11<5.15.162
Linux Linux kernel>=5.16<6.1.95
Linux Linux kernel>=6.2<6.6.35
Linux Linux kernel>=6.7<6.9.6
Linux Linux kernel=6.10-rc1
Linux Linux kernel=6.10-rc2
Linux Linux kernel=6.10-rc3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-1
debian/linux-6.1
6.1.129-1~deb11u1
redhat/kernel<5.10.221
5.10.221
redhat/kernel<5.15.162
5.15.162
redhat/kernel<6.1.95
6.1.95
redhat/kernel<6.6.35
6.6.35
redhat/kernel<6.9.6
6.9.6
redhat/kernel<6.10
6.10

Remediation

Patch Available

https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde

Patch Available

https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726

Patch Available

https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3

Patch Available

https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce

Patch Available

https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813

Patch Available

https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f

Event History

Jul 12, 2024
CVE Published
via MITRE·12:25 PM
Data Sourced
via MITRE·12:25 PM
Description
Data Sourced
via NVD·01:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Apr 27, 2025
Data Sourced
via Ubuntu·05:24 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-40931?

CVE-2024-40931 has a medium severity rating due to its potential impact on system stability.

2

How do I fix CVE-2024-40931?

To fix CVE-2024-40931, you should update the Linux kernel to one of the recommended versions specified in the advisory.

3

What systems are affected by CVE-2024-40931?

CVE-2024-40931 affects specific versions of the Linux kernel across Red Hat and Debian distributions.

4

Can CVE-2024-40931 be exploited remotely?

CVE-2024-40931 can potentially be exploited remotely if specific conditions are met.

5

What is MPTCP in relation to CVE-2024-40931?

MPTCP, or MultiPath TCP, is a protocol whose improper handling in the Linux kernel is addressed by CVE-2024-40931.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
CVE-2024-40931 - mptcp: ensure snd_una is properly initialized on connect - SecAlerts