CVE-2024-26708

Advisory lineage Upstream: 0 Downstream: 16
Analyzed
Published: 03 Apr 2024, 14:55
Last modified:11 May 2026, 20:02

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (cve.org)
EPSS Score
<0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

03 Apr 2024, 14:55
Published
Vulnerability first disclosed
11 May 2026, 20:02
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: really cope with fastopen race Fastopen and PM-trigger subflow shutdown can race, as reported by syzkaller. In my first attempt to close such race, I missed the fact that the subflow status can change again before the subflow_state_change callback is invoked. Address the issue additionally copying with all the states directly reachable from TCP_FIN_WAIT1.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Techniques & Countermeasures

  • CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

  • linuxlinux

    ≥ 1e777f39b4d75e599a3aac8e0f67d739474f198c, < 4bfe217e075d04e63c092df9d40c608e598c2ef2 | ≥ 1e777f39b4d75e599a3aac8e0f67d739474f198c, < e158fb9679d15a2317ec13b4f6301bd26265df2f | ≥ 1e777f39b4d75e599a3aac8e0f67d739474f198c, < 337cebbd850f94147cee05252778f8f78b8c337f | 6.2

  • linuxlinux_kernel

    ≥ 6.2, < 6.6.18 | ≥ 6.7, < 6.7.6 | 6.8:rc1 | 6.8:rc2 | 6.8:rc3 | 6.8:rc4

References (3)