CVE-2025-21707: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21707 affects the Linux kernel's MPTCP (Multipath TCP) implementation. The vulnerability was discovered and disclosed in February 2025, specifically related to how MPTCP handles suboption status. The issue stems from inconsistent initialization of status fields in the MPTCP code, where zeroing the bitmask before parsing is insufficient to ensure a consistent status (NVD).

The vulnerability exists in the MPTCP code's handling of received sub-options status, which uses a bitmask for received suboptions and several bitfields for per-suboption additional info. The current schema is fragile, as it requires clearing both the bitmask and individual bitfields depending on the parsed suboption. This led to a path where relevant bitfields were not properly cleared/initialized, resulting in the use of uninitialized values. The issue was detected by the Kernel Memory Sanitizer (KMSAN) in the _mptcpexpand_seq function (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to the use of uninitialized memory values in MPTCP operations, potentially causing system instability or crashes. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed by consolidating all state-related data together and clearing the whole group instead of individual fields. The fix involves restructuring the code to use struct_group for status fields and implementing proper initialization. The patch has been merged into the Linux kernel (Kernel Patch).