PT-2024-35589 · Linux+7 · Linux Kernel+7
Eric Dumazet · Published 2024-11-08 · Updated 2025-10-03 · CVE-2024-53123
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.65
Description
A division-by-zero error was reported in the MPTCP protocol of the Linux kernel. The root cause is the current bad handling of a racing disconnect. After a specific commit, sk_wait_data() can return with an error and the underlying socket disconnected, resulting in a zero rcv_mss. The error occurs when tcp_select_window() is called, leading to a divide error. The issue is resolved by catching the error and returning without performing any additional operations on the current socket.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.65 or later. As a temporary workaround, consider disabling the mptcp_recvmsg() function until a patch is available. Restrict access to the vulnerable MPTCP protocol to minimize the risk of exploitation. Avoid using the rcv_mss variable in the affected API endpoint until the issue is resolved.
Exploit
Fix
Divide By Zero
Race Condition
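A host triage check for the recommendations above, added here as an example and not part of the original advisory: it compares a kernel release string with the 6.6.65 threshold stated on this page and reads the net.mptcp.enabled sysctl. The function names are hypothetical, and the version comparison only reflects this page's threshold; a distro kernel with backported fixes, or a kernel on another stable branch, still needs the vendor's own advisory.

```shell
#!/bin/sh
# Added triage example for CVE-2024-53123 (not from the advisory).
FIXED_VERSION="6.6.65"   # threshold taken from the advisory text

# Strip distro suffixes: "6.6.64-generic" -> "6.6.64"
base_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/'
}

# Return 0 when $1 sorts strictly before $2 (sort -V ordering).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# assess <kernel-release> <mptcp-enabled-value>
# Hypothetical helper: classifies a host from two observed values.
assess() {
    ver=$(base_version "$1")
    if [ "$2" != "1" ]; then
        echo "mptcp-off: MPTCP is disabled or not built in"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "below-threshold: kernel $ver < $FIXED_VERSION with MPTCP enabled"
    else
        echo "at-or-above-threshold: kernel $ver >= $FIXED_VERSION"
    fi
}

# net.mptcp.enabled is per network namespace; a missing file means
# the kernel was built without MPTCP support.
current_mptcp_state() {
    cat /proc/sys/net/mptcp/enabled 2>/dev/null || echo 0
}

# Pass "live" as the first argument to check the local host.
if [ "${1:-}" = "live" ]; then
    assess "$(uname -r)" "$(current_mptcp_state)"
fi
```

Where MPTCP is not needed, `sysctl -w net.mptcp.enabled=0` turns it off for new sockets in the current network namespace until the kernel is updated.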
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu