Bug 2134380 (CVE-2022-4128) - CVE-2022-4128 kernel: mptcp: NULL pointer dereference in subflow traversal at disconnect time
Summary: CVE-2022-4128 kernel: mptcp: NULL pointer dereference in subflow traversal at...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-4128
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2137858 2145214 2145215 2145216
Blocks: 2121459
TreeView+ depends on / blocked
 
Reported: 2022-10-13 10:08 UTC by Mauro Matteo Cascella
Modified: 2023-05-09 17:12 UTC (History)
34 users (show)

Fixed In Version: kernel 5.19
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference issue was discovered in the Linux kernel. This issue occurs in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could potentially crash the system, causing a denial of service.
Clone Of:
Environment:
Last Closed: 2023-05-09 17:12:45 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:2148 0 None None None 2023-05-09 07:11:57 UTC
Red Hat Product Errata RHSA-2023:2458 0 None None None 2023-05-09 07:51:38 UTC

Description Mauro Matteo Cascella 2022-10-13 10:08:39 UTC 
At disconnect time the MPTCP protocol traverse the subflows list closing each of them. In some circumstances - MPJ subflow, passive MPTCP socket, the latter operation can remove the subflow from the list, invalidating the current iterator. This could lead to a NULL pointer dereference issue.

Upstream patch & commit:
https://lore.kernel.org/netdev/20220708233610.410786-2-mathew.j.martineau@linux.intel.com/
https://github.com/torvalds/linux/commit/5c835bb142d4
Comment 5 Mauro Matteo Cascella 2022-11-23 14:23:59 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2145216]
Comment 6 Justin M. Forbes 2022-11-30 20:06:12 UTC 
This was fixed for Fedora with the 5.18.13 stable kernel updates.
Comment 9 errata-xmlrpc 2023-05-09 07:11:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2148 https://access.redhat.com/errata/RHSA-2023:2148
Comment 10 errata-xmlrpc 2023-05-09 07:51:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2458 https://access.redhat.com/errata/RHSA-2023:2458
Comment 11 Product Security DevOps Team 2023-05-09 17:12:41 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-4128
Note You need to log in before you can comment on or make changes to this bug.