CVE-2024-46711: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46711 affects the Linux kernel's MPTCP (Multipath TCP) implementation. The vulnerability was discovered in September 2024 and involves incorrect handling of endpoint ID 0 usage after multiple re-creations. The issue affects Linux kernel versions from 6.0 up to versions before 6.1.109, 6.2 to before 6.6.49, 6.7 to before 6.10.8, and various 6.11 release candidates (NVD).

The vulnerability stems from improper handling of 'local_addr_used' and 'add_addr_accepted' counters in the MPTCP implementation. These counters are decremented for addresses not related to the initial subflow (ID0), as the source and destination addresses of initial subflows are known from the beginning. The issue occurs when the entrypoint used by the initial subflow is removed and re-added during a connection, where the counters are incorrectly incremented. This prevents the entrypoint from being removed and re-added more than once (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can prevent proper functionality of MPTCP connections when attempting to remove and re-add the initial subflow's entrypoint multiple times. This limitation could affect network reliability and flexibility in MPTCP-enabled systems (Kernel Patch).

The issue has been fixed in the Linux kernel through patches that modify the behavior of counter increments for ID0 endpoints. The fix ensures that 'local_addr_used' and 'add_addr_accepted' are only incremented for non-ID0 addresses. Users should upgrade to Linux kernel versions 6.1.109, 6.6.49, 6.10.8 or later, depending on their kernel series (NVD).