{"id":"CVE-2021-47591","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: remove tcp ulp setsockopt support\n\nTCP_ULP setsockopt cannot be used for mptcp because its already\nused internally to plumb subflow (tcp) sockets to the mptcp layer.\n\nsyzbot managed to trigger a crash for mptcp connections that are\nin fallback mode:\n\nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]\nCPU: 1 PID: 1083 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0\nRIP: 0010:tls_build_proto net/tls/tls_main.c:776 [inline]\n[..]\n __tcp_set_ulp net/ipv4/tcp_ulp.c:139 [inline]\n tcp_set_ulp+0x428/0x4c0 net/ipv4/tcp_ulp.c:160\n do_tcp_setsockopt+0x455/0x37c0 net/ipv4/tcp.c:3391\n mptcp_setsockopt+0x1b47/0x2400 net/mptcp/sockopt.c:638\n\nRemove support for TCP_ULP setsockopt.","modified":"2026-03-14T11:19:16.632244Z","published":"2024-06-19T15:15:53.700Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/3de0c86d42f841d1d64f316cd949e65c566f0734"},{"type":"FIX","url":"https://git.kernel.org/stable/c/404cd9a22150f24acf23a8df2ad0c094ba379f57"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.13"},{"fixed":"5.15.11"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc5"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47591.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}