CVE-2023-53088

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A use-after-free issue was found in the mptcp listener shutdown path in the Linux kernel. This issue can occur when the msk grace period expires between the last reference count drop in mptcp subflow queue clean() and the later access in inet csk listen stop(). The problem was reported by Christoph after refactoring the passive socket initialization.

Recommendations For Linux kernel versions prior to the fixed version, consider applying the patch that fixes the use-after-free issue in the mptcp listener shutdown path. This patch removes the unnecessary code for msk listener socket cleanup, as the mptcp worker will process each of the unaccepted msk sockets. Ensure that the patch depends on the two parent patches: 'mptcp: refactor passive socket initialization' and 'mptcp: use the workqueue to destroy unaccepted sockets'.