PT-2024-35588 · Linux+11 · Linux Kernel+11
Published: 2024-11-08 · Updated: 2026-03-14
CVE-2024-53122
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.65
Description
The vulnerability is in the Linux kernel's mptcp_rcv_space_adjust() function. Additional active subflows created by the in-kernel path manager are added to the subflow list before the three-way handshake (3WHS) starts. A racing recvmsg() call that queues data received on an already established subflow could unconditionally call tcp_cleanup_rbuf() on all current subflows, potentially causing a divide-by-zero error on newly created ones. To address this, the kernel now explicitly checks that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().
Recommendations
For Linux kernel versions prior to 6.6.65, update to version 6.6.65 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mptcp_rcv_space_adjust() function until a patch is available. Avoid using the recvmsg() function on already established subflows in vulnerable versions to minimize the risk of exploitation.
Exploit
Fix
DoS
Race Condition
Divide By Zero
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu