CVE-2024-45009

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mptcp: pm: only decrement add_addr_accepted for MPJ req<br /> <br /> Adding the following warning ...<br /> <br /> WARN_ON_ONCE(msk-&gt;pm.add_addr_accepted == 0)<br /> <br /> ... before decrementing the add_addr_accepted counter helped to find a<br /> bug when running the "remove single subflow" subtest from the<br /> mptcp_join.sh selftest.<br /> <br /> Removing a &amp;#39;subflow&amp;#39; endpoint will first trigger a RM_ADDR, then the<br /> subflow closure. Before this patch, and upon the reception of the<br /> RM_ADDR, the other peer will then try to decrement this<br /> add_addr_accepted. That&amp;#39;s not correct because the attached subflows have<br /> not been created upon the reception of an ADD_ADDR.<br /> <br /> A way to solve that is to decrement the counter only if the attached<br /> subflow was an MP_JOIN to a remote id that was not 0, and initiated by<br /> the host receiving the RM_ADDR.