[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-36889":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":88,"related":89,"reserved_at":9,"published_at":100,"modified_at":101,"state":102,"summary":103,"references_raw":112,"kevs":146,"epss":147,"epss_history":150,"metrics":406,"affected":412},"CVE-2024-36889","In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n  WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Modules linked in:\n  CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n  Workqueue: events mptcp_worker\n  RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n  \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n  \t\u003C0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n  RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n  RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n  RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n  RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n  R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n  R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n  FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n  Call Trace:\n   \u003CTASK>\n   __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n   mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n   __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n   mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n   process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n   process_scheduled_works kernel/workqueue.c:3335 [inline]\n   worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n   kthread+0x121/0x170 kernel/kthread.c:388\n   ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n   \u003C/TASK>\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using 'bad' snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86],{"_key":23},"SUSE-SU-2024:2802-1",{"_key":25},"SUSE-SU-2024:2894-1",{"_key":27},"SUSE-SU-2024:2896-1",{"_key":29},"SUSE-SU-2024:2939-1",{"_key":31},"SUSE-SU-2024:2947-1",{"_key":33},"SUSE-SU-2024:2973-1",{"_key":35},"DLA-3843-1",{"_key":37},"DSA-5703-1",{"_key":39},"SUSE-SU-2025:20008-1",{"_key":41},"SUSE-SU-2025:20028-1",{"_key":43},"MGASA-2024-0263",{"_key":45},"MGASA-2024-0266",{"_key":47},"DEBIAN-CVE-2024-36889",{"_key":49},"RHSA-2024:10262",{"_key":51},"RHSA-2024:5101",{"_key":53},"RHSA-2024:5102",{"_key":55},"RHSA-2024:6998",{"_key":57},"RHSA-2024:8613",{"_key":59},"RHSA-2024:8614",{"_key":61},"RHSA-2024:8162",{"_key":63},"UBUNTU-CVE-2024-36889",{"_key":65},"USN-6949-1",{"_key":67},"USN-6949-2",{"_key":69},"USN-6950-1",{"_key":71},"USN-6950-2",{"_key":73},"USN-6950-3",{"_key":75},"USN-6950-4",{"_key":77},"USN-6952-1",{"_key":79},"USN-6952-2",{"_key":81},"USN-6955-1",{"_key":83},"USN-6956-1",{"_key":85},"USN-6957-1",{"_key":87},"USN-7019-1",[],[90,91,92,93,94,95,96,97,98,99],{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":39},{"_key":41},{"_key":43},{"_key":45},"2024-05-30T15:28:56.794Z","2026-05-11T20:16:27.021Z","Analyzed",{"cisa_kev":104,"cisa_ransomware":104,"cisa_vendor":9,"epss_severity":105,"epss_score":106,"severity":107,"severity_score":108,"severity_version":109,"severity_source":110,"severity_vector":111,"severity_status":102},false,"low",0.0001,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[113,119,123,127,131,135,139],{"url":114,"sources":115,"tags":117},"https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4",[116,110],"cve.org",[118],"Patch",{"url":120,"sources":121,"tags":122},"https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193",[116,110],[118],{"url":124,"sources":125,"tags":126},"https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012",[116,110],[118],{"url":128,"sources":129,"tags":130},"https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f",[116,110],[118],{"url":132,"sources":133,"tags":134},"https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe",[116,110],[118],{"url":136,"sources":137,"tags":138},"https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386",[116,110],[118],{"url":140,"sources":141,"tags":142},"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",[116,110],[143,144,145],"X Transferred","Third Party Advisory","Mailing List",[],{"date":148,"score":106,"percentile":149},"2026-06-03",0.01098,[151,155,158,161,164,166,169,172,175,178,181,184,187,190,193,197,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,253,256,258,261,264,267,270,273,276,279,282,285,288,291,293,296,299,302,305,308,311,313,316,318,320,323,326,329,331,334,337,339,342,345,348,351,354,356,358,360,362,365,368,370,372,375,377,380,383,386,389,392,394,397,400,403],{"date":152,"score":153,"percentile":154},"2025-11-04",0.00057,0.17816,{"date":156,"score":153,"percentile":157},"2025-11-05",0.17835,{"date":159,"score":153,"percentile":160},"2025-11-06",0.17804,{"date":162,"score":153,"percentile":163},"2025-11-07",0.17828,{"date":165,"score":153,"percentile":163},"2025-11-08",{"date":167,"score":153,"percentile":168},"2025-11-09",0.17802,{"date":170,"score":153,"percentile":171},"2025-11-10",0.17761,{"date":173,"score":153,"percentile":174},"2025-11-11",0.17776,{"date":176,"score":153,"percentile":177},"2025-11-12",0.17813,{"date":179,"score":153,"percentile":180},"2025-11-13",0.17842,{"date":182,"score":153,"percentile":183},"2025-11-14",0.17839,{"date":185,"score":153,"percentile":186},"2025-11-15",0.17806,{"date":188,"score":153,"percentile":189},"2025-11-16",0.17771,{"date":191,"score":153,"percentile":192},"2025-11-17",0.17736,{"date":194,"score":195,"percentile":196},"2025-11-18",0.00272,0.47523,{"date":198,"score":195,"percentile":199},"2025-11-19",0.47538,{"date":201,"score":195,"percentile":202},"2025-11-20",0.47519,{"date":204,"score":153,"percentile":205},"2025-11-21",0.1775,{"date":207,"score":153,"percentile":208},"2025-11-22",0.17765,{"date":210,"score":153,"percentile":211},"2025-11-23",0.17737,{"date":213,"score":153,"percentile":214},"2025-11-24",0.17703,{"date":216,"score":153,"percentile":217},"2025-11-25",0.17693,{"date":219,"score":153,"percentile":220},"2025-11-26",0.17689,{"date":222,"score":153,"percentile":223},"2025-11-27",0.17692,{"date":225,"score":153,"percentile":226},"2025-11-28",0.17681,{"date":228,"score":153,"percentile":229},"2025-11-29",0.17665,{"date":231,"score":153,"percentile":232},"2025-11-30",0.1767,{"date":234,"score":153,"percentile":235},"2025-12-01",0.17712,{"date":237,"score":153,"percentile":238},"2025-12-02",0.17721,{"date":240,"score":153,"percentile":241},"2025-12-03",0.17732,{"date":243,"score":153,"percentile":244},"2025-12-04",0.17695,{"date":246,"score":153,"percentile":247},"2025-12-05",0.17747,{"date":249,"score":153,"percentile":250},"2025-12-06",0.17752,{"date":252,"score":153,"percentile":192},"2025-12-07",{"date":254,"score":153,"percentile":255},"2025-12-08",0.17748,{"date":257,"score":153,"percentile":154},"2025-12-09",{"date":259,"score":153,"percentile":260},"2025-12-10",0.17878,{"date":262,"score":153,"percentile":263},"2025-12-11",0.17924,{"date":265,"score":153,"percentile":266},"2025-12-12",0.17968,{"date":268,"score":153,"percentile":269},"2025-12-13",0.17979,{"date":271,"score":153,"percentile":272},"2025-12-14",0.17927,{"date":274,"score":153,"percentile":275},"2025-12-15",0.17907,{"date":277,"score":153,"percentile":278},"2025-12-16",0.17941,{"date":280,"score":106,"percentile":281},"2025-12-17",0.00888,{"date":283,"score":106,"percentile":284},"2025-12-18",0.00882,{"date":286,"score":106,"percentile":287},"2025-12-19",0.00889,{"date":289,"score":106,"percentile":290},"2025-12-20",0.00887,{"date":292,"score":106,"percentile":287},"2025-12-21",{"date":294,"score":106,"percentile":295},"2025-12-22",0.00893,{"date":297,"score":106,"percentile":298},"2025-12-23",0.0089,{"date":300,"score":106,"percentile":301},"2025-12-24",0.00892,{"date":303,"score":106,"percentile":304},"2025-12-25",0.00897,{"date":306,"score":106,"percentile":307},"2025-12-26",0.00899,{"date":309,"score":106,"percentile":310},"2025-12-27",0.00901,{"date":312,"score":106,"percentile":304},"2025-12-28",{"date":314,"score":106,"percentile":315},"2025-12-29",0.00894,{"date":317,"score":106,"percentile":301},"2025-12-30",{"date":319,"score":106,"percentile":281},"2025-12-31",{"date":321,"score":106,"percentile":322},"2026-01-01",0.00907,{"date":324,"score":106,"percentile":325},"2026-01-02",0.00911,{"date":327,"score":106,"percentile":328},"2026-01-03",0.00912,{"date":330,"score":106,"percentile":290},"2026-01-04",{"date":332,"score":106,"percentile":333},"2026-01-05",0.00758,{"date":335,"score":106,"percentile":336},"2026-01-06",0.00755,{"date":338,"score":106,"percentile":336},"2026-01-07",{"date":340,"score":106,"percentile":341},"2026-01-08",0.0076,{"date":343,"score":106,"percentile":344},"2026-01-09",0.00768,{"date":346,"score":106,"percentile":347},"2026-01-10",0.00772,{"date":349,"score":106,"percentile":350},"2026-01-11",0.00771,{"date":352,"score":106,"percentile":353},"2026-01-12",0.00769,{"date":355,"score":106,"percentile":344},"2026-01-13",{"date":357,"score":106,"percentile":344},"2026-01-14",{"date":359,"score":106,"percentile":347},"2026-01-15",{"date":361,"score":106,"percentile":347},"2026-01-16",{"date":363,"score":106,"percentile":364},"2026-01-17",0.00773,{"date":366,"score":106,"percentile":367},"2026-01-18",0.00775,{"date":369,"score":106,"percentile":364},"2026-01-19",{"date":371,"score":106,"percentile":353},"2026-01-20",{"date":373,"score":106,"percentile":374},"2026-01-21",0.00767,{"date":376,"score":106,"percentile":344},"2026-01-22",{"date":378,"score":106,"percentile":379},"2026-01-23",0.00778,{"date":381,"score":106,"percentile":382},"2026-01-24",0.00784,{"date":384,"score":106,"percentile":385},"2026-01-25",0.00785,{"date":387,"score":106,"percentile":388},"2026-01-26",0.00786,{"date":390,"score":106,"percentile":391},"2026-01-27",0.00789,{"date":393,"score":106,"percentile":388},"2026-01-28",{"date":395,"score":106,"percentile":396},"2026-01-29",0.00788,{"date":398,"score":106,"percentile":399},"2026-01-30",0.008,{"date":401,"score":106,"percentile":402},"2026-01-31",0.00808,{"date":404,"score":106,"percentile":405},"2026-02-01",0.00813,[407],{"source":110,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":408,"cvss_v4_0":9},{"baseScore":108,"baseSeverity":409,"vectorString":111,"impactScore":410,"exploitabilityScore":411},"MEDIUM",6,4.6,[413,422,451],{"ecosystem":9,"name":414,"vendor":415,"product":416,"cpe_part":417,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":418},"debian linux","debian","debian_linux","o",[419],{"version":420,"is_range":104,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":423,"vendor":424,"product":424,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"Linux","linux","a",[427,434,437,440,443,446,449],{"version":428,"is_range":429,"range_type":116,"version_start":430,"version_start_type":431,"version_end":432,"version_end_type":433,"fixed_in":9},">= 8fd738049ac3d67a937d36577763b47180aae1ad, \u003C 99951b62bf20cec9247f633a3bea898338b9e5b4",true,"8fd738049ac3d67a937d36577763b47180aae1ad","including","99951b62bf20cec9247f633a3bea898338b9e5b4","excluding",{"version":435,"is_range":429,"range_type":116,"version_start":430,"version_start_type":431,"version_end":436,"version_end_type":433,"fixed_in":9},">= 8fd738049ac3d67a937d36577763b47180aae1ad, \u003C dc941fec0719d0471a5902424d6b2a17df233193","dc941fec0719d0471a5902424d6b2a17df233193",{"version":438,"is_range":429,"range_type":116,"version_start":430,"version_start_type":431,"version_end":439,"version_end_type":433,"fixed_in":9},">= 8fd738049ac3d67a937d36577763b47180aae1ad, \u003C 39ca83ed73db9edcc6d70c0dc7a73085a4725012","39ca83ed73db9edcc6d70c0dc7a73085a4725012",{"version":441,"is_range":429,"range_type":116,"version_start":430,"version_start_type":431,"version_end":442,"version_end_type":433,"fixed_in":9},">= 8fd738049ac3d67a937d36577763b47180aae1ad, \u003C aa0c07c1f20e05b30019bff083ec43665536f06f","aa0c07c1f20e05b30019bff083ec43665536f06f",{"version":444,"is_range":429,"range_type":116,"version_start":430,"version_start_type":431,"version_end":445,"version_end_type":433,"fixed_in":9},">= 8fd738049ac3d67a937d36577763b47180aae1ad, \u003C 592f69b41766d366dbb8ff4ef5a67c4396527bbe","592f69b41766d366dbb8ff4ef5a67c4396527bbe",{"version":447,"is_range":429,"range_type":116,"version_start":430,"version_start_type":431,"version_end":448,"version_end_type":433,"fixed_in":9},">= 8fd738049ac3d67a937d36577763b47180aae1ad, \u003C fb7a0d334894206ae35f023a82cad5a290fd7386","fb7a0d334894206ae35f023a82cad5a290fd7386",{"version":450,"is_range":104,"range_type":116,"version_start":450,"version_start_type":431,"version_end":450,"version_end_type":431,"fixed_in":9},"5.9",{"ecosystem":9,"name":452,"vendor":424,"product":453,"cpe_part":417,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"linux kernel","linux_kernel",[455,458,462,466,470,474,476,478,480,482,484],{"version":456,"is_range":429,"range_type":421,"version_start":450,"version_start_type":431,"version_end":457,"version_end_type":433,"fixed_in":9},"gte5.9_lt5.10.218","5.10.218",{"version":459,"is_range":429,"range_type":421,"version_start":460,"version_start_type":431,"version_end":461,"version_end_type":433,"fixed_in":9},"gte5.11_lt5.15.159","5.11","5.15.159",{"version":463,"is_range":429,"range_type":421,"version_start":464,"version_start_type":431,"version_end":465,"version_end_type":433,"fixed_in":9},"gte5.16_lt6.1.91","5.16","6.1.91",{"version":467,"is_range":429,"range_type":421,"version_start":468,"version_start_type":431,"version_end":469,"version_end_type":433,"fixed_in":9},"gte6.2_lt6.6.31","6.2","6.6.31",{"version":471,"is_range":429,"range_type":421,"version_start":472,"version_start_type":431,"version_end":473,"version_end_type":433,"fixed_in":9},"gte6.7_lt6.8.10","6.7","6.8.10",{"version":475,"is_range":104,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.9:rc1",{"version":477,"is_range":104,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.9:rc2",{"version":479,"is_range":104,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.9:rc3",{"version":481,"is_range":104,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.9:rc4",{"version":483,"is_range":104,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.9:rc5",{"version":485,"is_range":104,"range_type":421,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.9:rc6"]