
CVE-2024-36889: Vulnerability in the Linux kernel

Severity: Medium
Published: Thu May 30 2024 (05/30/2024, 15:28:56 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: ensure snd_nxt is properly initialized on connect

Christoph reported a splat hinting at a corrupted snd_una:

    WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005
    Modules linked in:
    CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
    Workqueue: events mptcp_worker
    RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005
    Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8 8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe <0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9
    RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293
    RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4
    RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001
    RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
    R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000
    R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000
    FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0
    Call Trace:
     <TASK>
     __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]
     mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]
     __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615
     mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767
     process_one_work+0x1e0/0x560 kernel/workqueue.c:3254
     process_scheduled_works kernel/workqueue.c:3335 [inline]
     worker_thread+0x3c7/0x640 kernel/workqueue.c:3416
     kthread+0x121/0x170 kernel/kthread.c:388
     ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147
     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
     </TASK>

When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized and any incoming ack will copy such value into snd_una. If the mptcp worker (dumbly) tries mptcp-level re-injection after such ack, that would unconditionally trigger a send buffer cleanup using 'bad' snd_una values.

We could easily disable re-injection for fallback sockets, but such dumb behavior already helped catch a few subtle issues and has a very low to zero impact in practice. Instead, address the issue by always initializing snd_nxt (and write_seq, for consistency) at connect time.

AI-Powered Analysis

Last updated: 06/29/2025, 09:55:18 UTC

Technical Analysis

CVE-2024-36889 is a vulnerability identified in the Linux kernel's implementation of Multipath TCP (MPTCP), specifically in the initialization of the snd_nxt variable during connection setup. MPTCP is an extension of TCP that allows multiple paths to be used simultaneously between two endpoints, improving redundancy and throughput.

The vulnerability arises because, when a fallback to standard TCP occurs early on a client socket, snd_nxt (the next sequence number to send) is not yet initialized. Consequently, any incoming acknowledgment (ACK) may copy the uninitialized snd_nxt value into snd_una (the oldest unacknowledged sequence number). If the MPTCP worker then attempts MPTCP-level retransmission or re-injection using the corrupted snd_una value, it unconditionally triggers a send buffer cleanup with that bad value. This produces the kernel warning and stack trace reported by Christoph and can lead to unstable behavior.

The root cause is that snd_nxt and the related write_seq are not initialized at connect time for fallback sockets, so the retransmission logic operates on corrupted state. The fix ensures that snd_nxt and write_seq are initialized during connection establishment, preventing invalid sequence numbers from propagating into snd_una and avoiding the send buffer corruption.

Although the issue can cause kernel warnings and potentially disrupt MPTCP operations, the impact is considered low to zero in practice because early fallback sockets are rare and the behavior does not typically lead to system crashes or remote code execution. No known exploits are reported in the wild. Triggering the condition does not require user interaction or authentication, but it depends on a specific MPTCP fallback scenario. This vulnerability affects Linux kernel versions that contain the faulty code and predate the fix; it was publicly disclosed on May 30, 2024.

Potential Impact

For European organizations, the impact of CVE-2024-36889 is primarily related to network reliability and stability rather than direct security compromise. Organizations relying on Linux servers or network appliances that utilize MPTCP for enhanced network performance or redundancy could experience kernel warnings, degraded network performance, or unexpected retransmission behavior. This could affect critical infrastructure, cloud service providers, telecommunications, and enterprises with complex network topologies. While the vulnerability does not appear to allow privilege escalation or remote code execution, the instability in network stack behavior could lead to service interruptions or degraded quality of service. In sectors such as finance, healthcare, and critical infrastructure where Linux-based systems are prevalent, even minor disruptions can have operational consequences. However, given the low practical impact and absence of known exploits, the threat level is moderate. Organizations using Linux kernels with MPTCP enabled should be aware of this issue, especially if fallback to TCP is common in their network environment.

Mitigation Recommendations

1. Apply the official Linux kernel patches that initialize snd_nxt and write_seq properly during connection setup. Monitor Linux kernel updates and deploy them promptly.
2. Audit network configurations to identify whether MPTCP is enabled and assess how often fallback to TCP occurs. If MPTCP is not required, consider disabling it to reduce attack surface.
3. Monitor kernel logs for warnings related to __mptcp_clean_una and related functions to detect potential exploitation or instability.
4. Test kernel updates in staging environments to ensure stability of MPTCP operations post-patch.
5. For critical systems, implement network redundancy and failover mechanisms independent of MPTCP to mitigate potential disruptions.
6. Engage with Linux distribution vendors for backported patches if using long-term support kernels.
7. Educate network and system administrators about this vulnerability to improve incident response readiness.
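One way to put items 2 and 3 of the list above into practice, as an added example that is not part of this CVE record or of the kernel itself: a small Python checker that reports whether MPTCP is switched on (reading the net.mptcp.enabled sysctl from /proc/sys/net/mptcp/enabled) and scans kernel log lines for the __mptcp_clean_una warning signature quoted in the description. The function names are my own and the sample log lines are constructed, not captured from an affected host.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Header of the splat quoted in the CVE description. The pattern is not anchored at
# line start so dmesg timestamps or journalctl prefixes in front of it do not matter.
WARN_RE = re.compile(
    r"WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at (?P<loc>net/mptcp/\S+) "
    r"(?P<func>__mptcp_clean_una)\b"
)

@dataclass
class MptcpWarning:
    cpu: int
    pid: int
    location: str   # file:line inside net/mptcp/, e.g. net/mptcp/protocol.c:1005
    raw: str

def find_mptcp_clean_una_warnings(lines: Iterable[str]) -> List[MptcpWarning]:
    """Return every kernel-log line reporting a WARN in __mptcp_clean_una (hypothetical helper)."""
    hits = []
    for line in lines:
        m = WARN_RE.search(line)
        if m:
            hits.append(MptcpWarning(int(m["cpu"]), int(m["pid"]), m["loc"], line.rstrip()))
    return hits

def mptcp_enabled(sysctl_path: str = "/proc/sys/net/mptcp/enabled") -> Optional[bool]:
    """True/False from net.mptcp.enabled; None when the file is absent (kernel built without MPTCP)."""
    try:
        with open(sysctl_path) as f:
            return f.read().strip() == "1"
    except FileNotFoundError:
        return None

# Constructed sample lines (not captured from a real host): the first carries the warning
# signature from the CVE text; the others are noise that must not be reported.
SAMPLE_LOG = [
    "[  123.456789] WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 "
    "__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005",
    "[  123.456801] Workqueue: events mptcp_worker",
    "[  130.000000] WARNING: CPU: 0 PID: 12 at kernel/workqueue.c:3254 process_one_work+0x1e0/0x560",
    "[  140.000000] mptcp: constructed informational line with no warning",
]

if __name__ == "__main__":
    state = {None: "absent (kernel without MPTCP)", True: "enabled", False: "disabled"}[mptcp_enabled()]
    print("net.mptcp.enabled:", state)
    for w in find_mptcp_clean_una_warnings(SAMPLE_LOG):
        print(f"CPU {w.cpu} PID {w.pid}: WARN in __mptcp_clean_una at {w.location}")
```

In production, feed the scanner the output of `dmesg` or `journalctl -k` instead of SAMPLE_LOG; a hit after a patch has been deployed indicates the fix did not reach the running kernel.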


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-05-30T15:25:07.065Z
CISA Enriched
true
CVSS Version
null
State
PUBLISHED

Threat ID: 682d9828c4522896dcbe259e

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 9:55:18 AM

Last updated: 8/3/2025, 6:45:31 PM

