CVE-2021-47370
📋 TL;DR
A signed/unsigned integer comparison bug in the Linux kernel's MPTCP implementation causes TCP packets to lack required MPTCP extensions when transmitted. This can trigger kernel warnings and potentially cause denial of service or data corruption. Systems running affected Linux kernel versions with MPTCP enabled are vulnerable.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing data corruption in network communications.
Likely Case
Kernel warning messages in logs and potential connection instability or termination for MPTCP connections.
If Mitigated
Minor performance impact from the kernel warning, but no system compromise if MPTCP is not critical.
🎯 Exploit Status
Exploitation requires triggering specific MPTCP conditions and may only cause warnings/crashes rather than code execution. Found via syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 977d293e23b48a1129830d7968605f61c4af71a0 and f8ff625a8082db8c2b58dcb5229b27928943b94b
Vendor Advisory: https://git.kernel.org/stable/c/977d293e23b48a1129830d7968605f61c4af71a0
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: apply security updates from your vendor.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable MPTCP
Linux: disable Multipath TCP functionality if not required
sysctl -w net.mptcp.enabled=0
🧯 If You Can't Patch
- Disable MPTCP via sysctl or kernel boot parameters
- Implement network segmentation to limit MPTCP traffic to trusted systems only
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether MPTCP is enabled: uname -r && sysctl net.mptcp.enabled
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or is newer than affected versions, and check that MPTCP functions without warnings in dmesg
📡 Detection & Monitoring
Log Indicators:
- Kernel warning messages containing 'mptcp_sendmsg_frag' or 'WARNING' related to MPTCP in /var/log/kern.log or dmesg
Network Indicators:
- Unusual TCP connection resets or failures on systems using MPTCP
SIEM Query:
source="kernel" AND "mptcp" AND ("WARNING" OR "error")
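The sysctl check and the log indicator above, combined into a small triage helper. This is an added example, not part of the advisory or the kernel project; the function names, verdict labels and the sample log (including its `<file>:<line>` placeholder) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use on a host:
#   sysctl net.mptcp.enabled 2>/dev/null | mptcp_state
#   dmesg | count_mptcp_warnings

# Classify `sysctl net.mptcp.enabled` output read from stdin.
# Prints "absent" when the key is missing (MPTCP not built in).
mptcp_state() {
    awk -F'[ =]+' '$1 == "net.mptcp.enabled" { v = $2 }
        END { s = (v == "1") ? "enabled" : (v == "0") ? "disabled" : "absent"; print s }'
}

# Count kernel WARNING blocks ("cut here" .. "end trace") that mention mptcp.
# Counting blocks, not lines, avoids double-counting call-trace lines.
# A block cut off by log rotation (no "end trace") is still counted.
count_mptcp_warnings() {
    awk '/\[ cut here \]/  { blk = 1; warn = 0; hit = 0; next }
         blk && /WARNING:/ { warn = 1 }
         blk && /mptcp/    { hit = 1 }
         /\[ end trace/    { if (blk && warn && hit) n++; blk = 0 }
         END { if (blk && warn && hit) n++; print n + 0 }'
}

# triage STATE COUNT -> one-word result (labels are this example's own).
triage() {
    case "$1" in
        enabled) if [ "$2" -gt 0 ]; then echo investigate; else echo check-kernel-version; fi ;;
        *) echo mptcp-off ;;
    esac
}

# Constructed sample log: one MPTCP warning block, one unrelated block.
sample_log() {
    cat <<'EOF'
[  101.000001] ------------[ cut here ]------------
[  101.000002] WARNING: CPU: 0 PID: 1234 at <file>:<line> mptcp_sendmsg_frag+0x0/0x0
[  101.000003] Call Trace:
[  101.000004]  tcp_write_xmit+0x0/0x0
[  101.000005] ---[ end trace 0000000000000000 ]---
[  202.000001] ------------[ cut here ]------------
[  202.000002] WARNING: CPU: 1 PID: 4321 at <file>:<line> example_fn+0x0/0x0
[  202.000003] ---[ end trace 0000000000000000 ]---
EOF
}

state=$(printf 'net.mptcp.enabled = 1\n' | mptcp_state)
count=$(sample_log | count_mptcp_warnings)
echo "mptcp=$state warnings=$count -> $(triage "$state" "$count")"
```

A `check-kernel-version` result still needs the manual comparison against the fix commits listed under Official Fix, since the page gives no affected version range to automate.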