
CVE-2024-53123: Vulnerability in the Linux kernel (MPTCP)

Severity: High
Published: Mon Dec 02 2024 (12/02/2024, 13:44:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: error out earlier on disconnect

Eric reported a division by zero splat in the MPTCP protocol:

    Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI
    CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted 6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
    RIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163
    Code: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8 0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 <f7> 7c 24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89
    RSP: 0018:ffffc900041f7930 EFLAGS: 00010293
    RAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b
    RDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004
    RBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67
    R10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80
    R13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000
    FS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     <TASK>
     __tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493
     mptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]
     mptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289
     inet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885
     sock_recvmsg_nosec net/socket.c:1051 [inline]
     sock_recvmsg+0x1b2/0x250 net/socket.c:1073
     __sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265
     __do_sys_recvfrom net/socket.c:2283 [inline]
     __se_sys_recvfrom net/socket.c:2279 [inline]
     __x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279
     do_syscall_x64 arch/x86/entry/common.c:52 [inline]
     do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
    RIP: 0033:0x7feb5d857559
    Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
    RSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
    RAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559
    RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003
    RBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000
    R10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c
    R13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef

and provided a nice reproducer.

The root cause is the current bad handling of racing disconnect. After the blamed commit below, sk_wait_data() can return (with error) with the underlying socket disconnected and a zero rcv_mss.

Catch the error and return without performing any additional operations on the current socket.

AI-Powered Analysis

AI analysis last updated: 06/27/2025, 22:25:08 UTC

Technical Analysis

CVE-2024-53123 is a denial-of-service bug in the Linux kernel's Multipath TCP (MPTCP) implementation (net/mptcp), caused by mishandling of a disconnect that races with a blocking receive on the same socket. In mptcp_recvmsg(), after sk_wait_data() returned, the code went on to mptcp_rcv_space_adjust() even when sk_wait_data() had returned an error; since the earlier change the commit message calls the "blamed commit", a racing disconnect can leave the underlying socket torn down and its rcv_mss reset to zero by that point. mptcp_rcv_space_adjust() calls __tcp_cleanup_rbuf(), which calls __tcp_select_window(), which rounds the window it will advertise down to a multiple of the receive MSS. With rcv_mss == 0 that rounding divides by zero, the CPU raises a divide error and the kernel oopses: in the splat above the faulting instruction at __tcp_select_window+0x5b4 (net/ipv4/tcp_output.c:3163, the <f7> byte in the Code: line) is a 32-bit idiv whose divisor, loaded from the stack, is the zero rcv_mss. The trace comes from a syzkaller reproducer (syz-executor317) inside a recvfrom() system call, so the trigger is a local process driving the race; the advisory describes no remote trigger. The oops kills the calling task and, where kernel.panic_on_oops=1 is set, panics the whole host. The fix (upstream title "mptcp: error out earlier on disconnect") checks the sk_wait_data() return value and returns from mptcp_recvmsg() immediately, before any further operation on the disconnected socket. The advisory identifies affected kernels by the introducing commit rather than by release number and shows the crash on 6.12.0-rc5; the exact fixed and backported versions must be taken from the CVE record or the distribution's advisory. No in-the-wild exploitation is reported and no CVSS score has been assigned; the severity shown on this page (High) reflects the availability impact only.
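The splat above has a distinctive shape that a log pipeline can key on: a divide error whose faulting RIP is in __tcp_select_window with the MPTCP receive path (mptcp_rcv_space_adjust / mptcp_recvmsg) in the call trace. The following is an added example, not code from the advisory or the kernel tree; it matches kernel log text (dmesg or journalctl -k) against that signature. The two sample excerpts are constructed for the example: the first reuses lines from the splat quoted above with dmesg-style timestamps added, the second is a made-up unrelated divide error that must not match.

```shell
#!/bin/sh
# Added example: match a kernel log excerpt against the CVE-2024-53123 oops
# signature. Reads dmesg / journalctl -k text on stdin and exits 0 only when
# all three markers appear somewhere in the excerpt.
cve_2024_53123_match() {
    awk '
        /divide error/                                  { div = 1 }
        /RIP: [0-9a-f]*:__tcp_select_window[+]/          { rip = 1 }
        /mptcp_rcv_space_adjust|mptcp_recvmsg/           { mptcp = 1 }
        END { exit !(div && rip && mptcp) }
    '
}

# Constructed sample: lines from the advisory's splat with a dmesg-style
# timestamp prefix added. Not a live capture.
SAMPLE_OOPS='[  312.441122] Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI
[  312.441130] CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted 6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0
[  312.441140] RIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163
[  312.441150] Call Trace:
[  312.441151]  <TASK>
[  312.441153]  __tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493
[  312.441160]  mptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]
[  312.441165]  mptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289
[  312.441170]  __x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279'

# Constructed negative sample: a divide error elsewhere, no MPTCP frame.
SAMPLE_OTHER='[   10.000001] Oops: divide error: 0000 [#1] SMP
[   10.000002] RIP: 0010:some_driver_fn+0x10/0x40
[   10.000003] Call Trace:
[   10.000004]  do_syscall_64+0xcd/0x250'

# Prints "match" or "no-match" for the log excerpt given as first argument.
classify_oops() {
    if printf '%s\n' "$1" | cve_2024_53123_match; then
        echo match
    else
        echo no-match
    fi
}

# Standalone run: classify the two constructed samples. For a live host,
# pipe the kernel log in instead:  journalctl -k --no-pager | cve_2024_53123_match
printf 'sample oops: %s\n' "$(classify_oops "$SAMPLE_OOPS")"
printf 'other oops:  %s\n' "$(classify_oops "$SAMPLE_OTHER")"
```

The three markers are required together on purpose: "divide error" alone fires on every unrelated divide oops, and an mptcp frame alone appears in plenty of harmless warnings. Timestamps, CPU numbers and symbol offsets are deliberately not anchored, so the same function works on journald output, raw dmesg and serial-console captures.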

Potential Impact

For European organizations, the impact of CVE-2024-53123 is a denial of service on Linux hosts where MPTCP is enabled. Two points from the advisory bound that impact. First, the trigger is local: the syzkaller reproducer races a recvfrom() against a disconnect on the same MPTCP socket from a process on the host, and the advisory describes no remote trigger, so the exposed population is hosts that run untrusted or semi-trusted code (multi-tenant servers, CI runners, container and Kubernetes nodes whose workloads can open IPPROTO_MPTCP sockets in their network namespace). Second, the consequence of the divide error depends on the host's oops policy: by default the kernel kills the faulting task and keeps running, possibly with socket state or locks left inconsistent, while with kernel.panic_on_oops=1 (common on hardened and production builds) the whole host panics and must reboot. Many current distribution kernels ship with CONFIG_MPTCP=y, and when it is built in net.mptcp.enabled defaults to 1, so systems that never deliberately use MPTCP can still be exposed; systems that do rely on it for multi-path resilience in data centres and cloud deployments additionally lose that capability if the interim mitigation is to switch it off. No code execution or privilege escalation is indicated. Recovery from a panic means a reboot or instance replacement, so the operational cost is downtime and failover handling rather than data compromise, and the absence of known exploits leaves a window for orderly patching.

Mitigation Recommendations

European organizations should apply the kernel update that carries the upstream fix ("mptcp: error out earlier on disconnect") through their distribution's normal channel; the advisory does not list fixed release numbers, so take the fixed version from the distribution's own advisory for CVE-2024-53123. Until the patched kernel is running:
1) Disable MPTCP where it is not needed: sysctl -w net.mptcp.enabled=0, persisted under /etc/sysctl.d/. The setting is per network namespace, so it must also be applied inside containers and pods that have their own namespace. It blocks creation of new IPPROTO_MPTCP sockets (socket() fails and applications written for MPTCP generally fall back to plain TCP); connections that already exist are not converted.
2) Set the oops policy deliberately: kernel.panic_on_oops=0 keeps the host up after one task dies but possibly in an inconsistent state; kernel.panic_on_oops=1 together with kdump/kexec gives a clean reboot and a crash dump at the cost of a full outage. Pair either choice with automated restart or failover so a crash does not wait for a human.
3) Test the kernel update in staging before production, watching specifically for MPTCP regressions.
4) Monitor kernel logs (journalctl -k, dmesg, or forwarded syslog) for "divide error" oopses whose RIP is in __tcp_select_window with mptcp_recvmsg in the call trace; that signature is the crash itself and a reliable indicator that the race was hit.
5) In cloud environments, use provider health checks and auto-replacement so a panicked instance is recycled without manual intervention.
6) Because the race is driven locally rather than from the network, network segmentation does not address it. What does is limiting who can run code on the host and, on container platforms, a seccomp profile that denies socket() with IPPROTO_MPTCP (protocol 262) to workloads that do not need it.
7) Keep an inventory of kernel versions and of net.mptcp.enabled per host (ss -M lists live MPTCP sockets) so vulnerable and still-exposed systems can be found quickly.
These actions are specific to this bug: they target MPTCP socket creation and the handling of the resulting kernel oops rather than generic hardening.
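Items 1, 2 and 7 above reduce to reading three sysctls per host. The script below is an added example, not the advisory's or the kernel project's code; it reports net.mptcp.enabled, kernel.panic_on_oops and the kernel release from the /proc/sys tree and prints the disable command when MPTCP is on. The optional first argument (a root directory) is the example's own device for running the same checks against a copied or constructed /proc tree; the live system is the default. The kernel release is reported but not compared against anything, because the advisory gives no fixed version numbers.

```shell
#!/bin/sh
# Added example: per-host exposure check for CVE-2024-53123. Reads the
# relevant sysctls directly from /proc/sys. ROOT (first argument, default
# empty = live system) prefixes the paths so the check can run offline
# against a copied or constructed /proc tree.

# Prints enabled / disabled / unknown, or "absent" when the sysctl file is
# missing (kernel built without CONFIG_MPTCP, or not Linux).
mptcp_state() {
    f="$1/proc/sys/net/mptcp/enabled"
    if [ ! -r "$f" ]; then
        echo absent
        return 0
    fi
    case "$(cat "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Prints the running kernel release, or "unknown".
kernel_release() {
    cat "$1/proc/sys/kernel/osrelease" 2>/dev/null || echo unknown
}

# Prints kernel.panic_on_oops (0: the oops kills only the faulting task,
# 1: the whole host panics), or "unknown".
panic_on_oops() {
    cat "$1/proc/sys/kernel/panic_on_oops" 2>/dev/null || echo unknown
}

# One-word verdict: "exposed" when new MPTCP sockets can be created,
# "mitigated" when the sysctl is off, "n/a" when MPTCP is not built in.
verdict() {
    case "$(mptcp_state "$1")" in
        enabled)  echo exposed ;;
        disabled) echo mitigated ;;
        *)        echo n/a ;;
    esac
}

report() {
    root="${1:-}"
    printf 'kernel release       : %s\n' "$(kernel_release "$root")"
    printf 'net.mptcp.enabled    : %s\n' "$(mptcp_state "$root")"
    printf 'kernel.panic_on_oops : %s\n' "$(panic_on_oops "$root")"
    printf 'verdict              : %s\n' "$(verdict "$root")"
    if [ "$(verdict "$root")" = exposed ]; then
        echo 'to block new MPTCP sockets until patched (per network namespace):'
        echo '  sysctl -w net.mptcp.enabled=0'
        echo '  echo net.mptcp.enabled=0 > /etc/sysctl.d/90-cve-2024-53123.conf'
    fi
}

report "${1:-}"
```

Run it as root or not; the files are world-readable. On a container host, run it once per network namespace that matters (for example via nsenter), since "disabled" in the root namespace says nothing about a pod with its own network stack. The "absent" result is the only one that can be taken as not exposed without further checks.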


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-11-19T17:17:24.994Z
CISA Enriched: false
CVSS Version: null (no CVSS score assigned)
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd01e

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 10:25:08 PM

Last updated: 8/18/2025, 11:23:35 PM
