
CVE-2024-45010: Vulnerability in Linux

Medium
Published: Wed Sep 11 2024 (09/11/2024, 15:13:48 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: only mark 'subflow' endp as available

Adding the following warning ...

    WARN_ON_ONCE(msk->pm.local_addr_used == 0)

... before decrementing the local_addr_used counter helped to find a bug when running the "remove single address" subtest from the mptcp_join.sh selftests.

Removing a 'signal' endpoint will trigger the removal of all subflows linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used counter, which is wrong in this case because this counter is linked to 'subflow' endpoints, and here it is a 'signal' endpoint that is being removed.

Now, the counter is decremented, only if the ID is being used outside of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and if the ID is not 0 -- local_addr_used is not taking into account these ones. This marking of the ID as being available, and the decrement is done no matter if a subflow using this ID is currently available, because the subflow could have been closed before.

AI-Powered Analysis

Last updated: 06/28/2025, 23:54:47 UTC

Technical Analysis

CVE-2024-45010 is a vulnerability identified in the Linux kernel's implementation of Multipath TCP (MPTCP), specifically within the path manager (pm) component that handles subflow endpoint management. MPTCP allows a single TCP connection to use multiple paths to maximize resource usage and increase redundancy. The vulnerability arises from incorrect handling of the local_addr_used counter, which tracks the usage of local addresses associated with 'subflow' endpoints. The issue occurs when a 'signal' endpoint is removed: the kernel erroneously decrements the local_addr_used counter, which should only be decremented for 'subflow' endpoints. This incorrect decrement can lead to inconsistent internal state within the MPTCP path manager, potentially causing logic errors or resource mismanagement. The fix involves adding a conditional check to decrement the counter only when removing 'subflow' endpoints and ensuring the ID is valid and in use. The vulnerability was discovered through self-tests (mptcp_join.sh) and involves kernel code that manages the lifecycle of MPTCP subflows and signal endpoints. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability affects specific Linux kernel versions identified by commit hashes, indicating it is a recent and targeted fix in the kernel source code.
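
A simplified model of the counter handling described above, added here as an example; it is not the kernel's code. The struct, the function names, the 8-bit counter width and the constructed scenario (one 'signal' endpoint with a linked subflow, one 'subflow' endpoint in use) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified model, not kernel code: only the state the description names. */
enum endp_type { ENDP_SIGNAL, ENDP_SUBFLOW };
struct pm_model {
    uint8_t local_addr_used; /* 'subflow' endpoints in use (8-bit width assumed) */
    unsigned warnings;       /* stands in for WARN_ON_ONCE(local_addr_used == 0) */
};
typedef void (*remove_fn)(struct pm_model *, enum endp_type, uint8_t);

static void dec_local_addr_used(struct pm_model *pm)
{
    if (pm->local_addr_used == 0)
        pm->warnings++;      /* the warning check placed before the decrement */
    pm->local_addr_used--;   /* wraps to 255 when it was already 0 */
}

/* Pre-fix: closing the subflows of any removed endpoint decrements. */
static void remove_before_fix(struct pm_model *pm, enum endp_type type, uint8_t id)
{
    (void)type; (void)id;
    dec_local_addr_used(pm);
}

/* Post-fix rule: only 'subflow' endpoints whose ID is not 0 decrement. */
static void remove_after_fix(struct pm_model *pm, enum endp_type type, uint8_t id)
{
    if (type == ENDP_SUBFLOW && id != 0)
        dec_local_addr_used(pm);
}

/* Constructed scenario: 'subflow' endpoint id 2 is in use (counter = 1) and
 * 'signal' endpoint id 1 has a linked subflow; remove id 1, then id 2. */
static struct pm_model run_scenario(remove_fn remove_endp)
{
    struct pm_model pm = { .local_addr_used = 1, .warnings = 0 };
    remove_endp(&pm, ENDP_SIGNAL, 1);
    remove_endp(&pm, ENDP_SUBFLOW, 2);
    return pm;
}

int main(void)
{
    struct pm_model a = run_scenario(remove_before_fix);
    struct pm_model b = run_scenario(remove_after_fix);
    printf("before fix: local_addr_used=%u warnings=%u\n", (unsigned)a.local_addr_used, a.warnings);
    printf("after fix:  local_addr_used=%u warnings=%u\n", (unsigned)b.local_addr_used, b.warnings);
    return 0;
}
```

In the pre-fix run the modelled counter ends at 255 with one warning recorded; in the post-fix run it ends at 0 with none.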

Potential Impact

For European organizations relying on Linux-based infrastructure, especially those utilizing MPTCP for network redundancy, load balancing, or multi-homed connectivity, this vulnerability could lead to instability or unexpected behavior in network connections. While there is no direct evidence of remote code execution or privilege escalation, the incorrect management of internal counters could cause denial of service conditions by triggering kernel warnings or crashes under specific network conditions involving MPTCP subflows. This could disrupt critical services, particularly in sectors like telecommunications, cloud service providers, and enterprises using advanced networking features. The impact is more pronounced in environments where MPTCP is actively used, such as data centers or ISPs. Given the Linux kernel's widespread use in European government, financial, and industrial systems, any kernel-level instability poses a risk to availability and reliability. However, since exploitation requires specific conditions and no active exploits are known, the immediate risk is moderate but should be addressed promptly to prevent potential future exploitation or service disruption.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-45010 as soon as they become available from their Linux distribution vendors. Since this vulnerability is in the kernel's MPTCP path manager, organizations that do not use MPTCP can consider disabling the MPTCP feature to reduce attack surface. Network administrators should audit their systems to identify usage of MPTCP and monitor kernel logs for WARN_ON_ONCE messages related to the local_addr_used counter (the warning quoted in the description, on kernels that carry it), which could indicate attempts to trigger the bug. Additionally, thorough testing of network configurations involving MPTCP subflows should be conducted in staging environments before deploying kernel updates to production. For critical infrastructure, implementing kernel live patching solutions can minimize downtime during remediation. Finally, organizations should maintain robust network monitoring to detect anomalies in TCP connections that might be related to this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-08-21T05:34:56.681Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe0ea4

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/28/2025, 11:54:47 PM

Last updated: 8/12/2025, 12:20:54 PM
