[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-36889":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":21,"related":22,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":34,"epss":9,"epss_history":35,"metrics":36,"affected":43},"DEBIAN-CVE-2024-36889","In the Linux kernel, the following vulnerability has been resolved:  mptcp: ensure snd_nxt is properly initialized on connect  Christoph reported a splat hinting at a corrupted snd_una:    WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005   Modules linked in:   CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014   Workqueue: events mptcp_worker   RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005   Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8   \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe   \t\u003C0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9   RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293   RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4   RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001   RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000   R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000   R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000   FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033   CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0   Call Trace:    \u003CTASK>    __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]    mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]    __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615    mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767    process_one_work+0x1e0/0x560 kernel/workqueue.c:3254    process_scheduled_works kernel/workqueue.c:3335 [inline]    worker_thread+0x3c7/0x640 kernel/workqueue.c:3416    kthread+0x121/0x170 kernel/kthread.c:388    ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243    \u003C/TASK>  When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized and any incoming ack will copy such value into snd_una. If the mptcp worker (dumbly) tries mptcp-level re-injection after such ack, that would unconditionally trigger a send buffer cleanup using 'bad' snd_una values.  We could easily disable re-injection for fallback sockets, but such dumb behavior already helped catching a few subtle issues and a very low to zero impact in practice.  Instead address the issue always initializing snd_nxt (and write_seq, for consistency) at connect time.",null,[],[],[],[14],{"_key":15},"CVE-2024-36889",[17,19],{"_key":18},"DLA-3843-1",{"_key":20},"DSA-5703-1",[],[],"2024-05-30T16:15:12.410Z","2026-04-28T20:28:05.428240Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28],{"url":29,"sources":30,"tags":32},"https://security-tracker.debian.org/tracker/CVE-2024-36889",[31],"osv_debian",[33],"Advisory",[],[],[37],{"source":31,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":38,"cvss_v4_0":9},{"baseScore":39,"baseSeverity":9,"vectorString":40,"impactScore":41,"exploitabilityScore":42},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[44],{"ecosystem":45,"name":46,"vendor":47,"product":46,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":46,"source":9,"versions":49},"Debian","linux","debian","deb",[50,56,59,62],{"version":51,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":55,"fixed_in":9},"lt5_10_218_1",true,"ecosystem","5.10.218-1","excluding",{"version":57,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9},"lt6_1_94_1","6.1.94-1",{"version":60,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":55,"fixed_in":9},"lt6_8_11_1","6.8.11-1",{"version":60,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":55,"fixed_in":9}]