
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-50185 affects the Linux kernel's MPTCP (Multipath TCP) implementation, specifically its handling of DSS (Data Sequence Signal) corruption. The vulnerability was discovered on November 8, 2024, and affects Linux kernel versions from 5.7 through 6.11.4. The issue involves buggy peer implementations sending corrupted DSS options, which consistently trigger warnings in the data path (NVD).
The vulnerability exists in the MPTCP subsystem's handling of corrupted DSS options. The issue stems from inconsistent handling of DSS corruption cases, which could lead to warning messages in the data path. The fix implements consistent error handling using DEBUG_NET assertions and adds proper MIB (Management Information Base) tracking for corruption events. The CVSS v3.1 base score is 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
When exploited, the vulnerability can affect system availability through inconsistent handling of corrupted DSS options. The impact is primarily focused on the MPTCP subsystem's operation, potentially leading to service disruption when processing corrupted DSS options (NVD).
The issue has been patched in the Linux kernel with commits that implement proper handling of DSS corruption. The fix includes adding new MIB entries for tracking corruption events and implementing consistent error handling through either fallback or reset operations depending on the subflow type. Updates are available for affected Linux distributions (Kernel Patch).
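A host-side check for the two signals described above, written as an added example (not code from this page or from the kernel project): it compares the running kernel release with the stated affected range and reads the MPTCP MIB counters from `/proc/net/netstat`. The counter names `DSSCorruptionFallback` and `DSSCorruptionReset` are an assumption taken from the upstream MIB table, since the page does not name them, and the sample input is constructed.

```python
import platform
import re

# Constructed sample in /proc/net/netstat layout: a header line of counter
# names followed by a line of values, both carrying the same prefix.
SAMPLE_NETSTAT = """\
TcpExt: SyncookiesSent SyncookiesRecv
TcpExt: 0 0
MPTcpExt: MPCapableSYNRX MPFallbackTokenInit DSSCorruptionFallback DSSCorruptionReset
MPTcpExt: 12 0 3 1
"""

# Affected range as stated on the page: 5.7 through 6.11.4.
AFFECTED_MIN, AFFECTED_MAX = (5, 7, 0), (6, 11, 4)

def parse_ext(text, prefix="MPTcpExt"):
    """Pair each header line with its value line; return {counter: int}."""
    rows = [ln.split() for ln in text.splitlines() if ln.startswith(prefix + ":")]
    counters = {}
    for names, values in zip(rows[0::2], rows[1::2]):
        counters.update(zip(names[1:], map(int, values[1:])))
    return counters

def dss_corruption(counters):
    """DSS corruption counters, or None when the kernel does not export them."""
    found = {k: v for k, v in counters.items() if k.startswith("DSSCorruption")}
    return found or None

def in_affected_range(release):
    """True if an upstream-style release string falls inside the page's range."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return AFFECTED_MIN <= tuple(int(x or 0) for x in m.groups()) <= AFFECTED_MAX

if __name__ == "__main__":
    try:
        with open("/proc/net/netstat") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_NETSTAT  # fall back to the constructed sample off-Linux
    release = platform.release()
    found = dss_corruption(parse_ext(text))
    print(f"kernel {release}: version in affected range = {in_affected_range(release)}")
    if found is None:
        print("no DSSCorruption* counters exported (fix's MIB entries absent or MPTCP not built)")
    else:
        for name, value in found.items():
            print(f"{name} = {value}")  # non-zero: a peer sent corrupted DSS
```

Distribution kernels often backport fixes without changing the upstream version number, so a release inside the range that still exports the counters most likely carries the fix. Treat the version comparison as a first filter and confirm against the vendor's advisory.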
Source: This report was generated using AI