PT-2025-18836 · Linux+4 · Linux Kernel+4

Published 2023-03-10 · Updated 2026-04-20 · CVE-2023-53072

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5

Description

A use-after-free (UaF) issue was reported in the Linux kernel, specifically in the mptcp module, at token lookup time after refactoring the passive socket initialization part. The issue occurs when the token bucket busy function attempts to read from a freed memory address. This is caused by the improper cleanup of paired MPTCP-level resources when an unaccepted subflow is destroyed by TCP internals. The estimated number of potentially affected devices is not provided.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for the mptcp module, ensuring that the mptcp destroy sock function is always called on msk sockets, even on accepted ones. As a temporary workaround, consider disabling the mptcp module until a patch is available. Restrict access to the vulnerable mptcp token new connect function to minimize the risk of exploitation. Avoid using the mptcp sendmsg function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Improper Initialization

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2026-03974
CESA-2024_3138
CVE-2023-53072
RHSA-2023:6583
RHSA-2023_6583
RHSA-2024:3138
RHSA-2024_3138

Affected Products

Centos
Debian
Linux Kernel
Red Hat
Red Os