CVE-2024-35840

Published: May 17, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option()

Vendor	Product	Versions
Linux	Linux	affected `f296234c98a8fcec94eec80304a873f635d350ea - < 413b913507326972135d2977975dbff8b7f2c453` affected `f296234c98a8fcec94eec80304a873f635d350ea - < 51e4cb032d49ce094605f27e45eabebc0408893c` affected `f296234c98a8fcec94eec80304a873f635d350ea - < ad3e8f5c3d5c53841046ef7a947c04ad45a20721` affected `f296234c98a8fcec94eec80304a873f635d350ea - < 76e8de7273a22a00d27e9b8b7d4d043d6433416a` affected `f296234c98a8fcec94eec80304a873f635d350ea - < be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb`
Linux	Linux	affected `5.7` unaffected `0 - < 5.7` unaffected `5.15.148 - <= 5.15.` unaffected `6.1.75 - <= 6.1.` unaffected `6.6.14 - <= 6.6.*` +2 more versions

References

https://git.kernel.org/stable/c/413b913507326972135d2977975dbff8b7f2c453

https://git.kernel.org/stable/c/51e4cb032d49ce094605f27e45eabebc0408893c

https://git.kernel.org/stable/c/ad3e8f5c3d5c53841046ef7a947c04ad45a20721

https://git.kernel.org/stable/c/76e8de7273a22a00d27e9b8b7d4d043d6433416a

https://git.kernel.org/stable/c/be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-35840

Description

Affected Products

References