CVE-2024-26782: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26782 is a double-free vulnerability discovered in the Linux kernel's MPTCP (Multipath TCP) implementation. The issue occurs when an MPTCP server accepts an incoming connection and clones its listener socket, where the pointer to 'inet_opt' for the new socket maintains the same value as the original one. This vulnerability was discovered in April 2024 and affects Linux kernel versions from 5.6 through 6.8-rc1 (NVD).

The vulnerability manifests as a double-free condition in the inetsockdestruct function. When the MPTCP server clones a listener socket for incoming connections, it fails to properly duplicate the IP/IPv6 options, leading to the same memory area being freed twice during socket dismantling. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Kernel Patch).

The vulnerability can result in a kernel crash due to double-free memory corruption, potentially leading to denial of service. The issue affects both IPv4 and IPv6 implementations, with similar refcount underflow problems occurring with CALIPSO/IPv6 (Kernel Patch).

The issue has been fixed by implementing proper duplication of IP and IPv6 options after socket cloning. The fix involves adding new functions mptcpcopyipoptions and mptcpcopyip6options to ensure proper handling of socket options during cloning operations. The patch has been merged into the mainline kernel and backported to affected stable kernel versions (Kernel Patch).