CVE-2024-53122 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc7::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.34.1.rt7.375.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2025:0066	2025-01-08T00:00:00Z
kernel-0:4.18.0-553.34.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:0065	2025-01-08T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:0109	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
kernel-0:4.18.0-305.148.1.el8_4	cpe:/o:redhat:rhel_aus:8.4	RHSA-2025:0061	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
kernel-rt-0:4.18.0-305.148.1.rt7.225.el8_4	cpe:/a:redhat:rhel_tus:8.4::nfv	RHSA-2025:0060	2025-01-08T00:00:00Z
kernel-0:4.18.0-305.148.1.el8_4	cpe:/o:redhat:rhel_tus:8.4	RHSA-2025:0061	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
kpatch-patch	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2025:0053	2025-01-08T00:00:00Z
kernel-0:4.18.0-305.148.1.el8_4	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2025:0061	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.134.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2025:0055	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.134.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2025:0055	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.134.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2025:0055	2025-01-08T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2025:0067	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kpatch-patch	cpe:/o:redhat:rhel_eus:8.8	RHSA-2025:0051	2025-01-08T00:00:00Z
kernel-0:4.18.0-477.86.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2025:0062	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.21.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:0059	2025-01-08T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:0049	2025-01-08T00:00:00Z
kernel-0:5.14.0-503.21.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:0059	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
kernel-0:5.14.0-70.122.1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:0058	2025-01-08T00:00:00Z
kernel-rt-0:5.14.0-70.122.1.rt21.194.el9_0	cpe:/a:redhat:rhel_e4s:9.0::nfv	RHSA-2025:0056	2025-01-08T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:9.0	RHSA-2025:0050	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.99.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:0063	2025-01-08T00:00:00Z
kernel-rt-0:5.14.0-284.99.1.rt14.384.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2025:0064	2025-01-08T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:9.2	RHSA-2025:0054	2025-01-08T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.50.1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:0057	2025-01-08T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:9.4	RHSA-2025:0052	2025-01-08T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b
https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527
https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8
https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d
https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0
https://lore.kernel.org/linux-cve-announce/2024120252-CVE-2024-53122-f35c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-53122
https://www.cve.org/CVERecord?id=CVE-2024-53122

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00029}`	epss `{'score': 0.0003}`

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_e4s:9.0::nfv cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_e4s:9.0 cpe:/o:redhat:rhel_eus:8.8 cpe:/o:redhat:rhel_eus:9.2 cpe:/o:redhat:rhel_eus:9.4 cpe:/o:redhat:rhel_tus:8.4 cpe:/o:redhat:rhel_tus:8.6
Vendors & Products		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus

Sat, 14 Dec 2024 21:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b

Wed, 11 Dec 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-362
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc7::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 05 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-369
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Important`

Tue, 03 Dec 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024120252-CVE-2024-53122-f35c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-53122 https://www.cve.org/CVERecord?id=CVE-2024-53122
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 02 Dec 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().
Title		mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
References		https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527 https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8 https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-02T13:44:52.678Z

Updated: 2025-05-04T09:53:34.823Z

Reserved: 2024-11-19T17:17:24.994Z

Link: CVE-2024-53122

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-12-02T14:15:13.010

Modified: 2024-12-14T21:15:36.393

Link: CVE-2024-53122

Redhat

Severity : Important

Publid Date: 2024-12-02T00:00:00Z

Links: CVE-2024-53122 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53122", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.994Z", "datePublished": "2024-12-02T13:44:52.678Z", "dateUpdated": "2025-05-04T09:53:34.823Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:53:34.823Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/protocol.c"], "versions": [{"version": "c76c6956566f974bac2470bd72fc22fb923e04a1", "lessThan": "0a9a182ea5c7bb0374e527130fd85024ace7279b", "status": "affected", "versionType": "git"}, {"version": "c76c6956566f974bac2470bd72fc22fb923e04a1", "lessThan": "24995851d58c4a205ad0ffa7b2f21e479a9c8527", "status": "affected", "versionType": "git"}, {"version": "c76c6956566f974bac2470bd72fc22fb923e04a1", "lessThan": "ff825ab2f455299c0c7287550915a8878e2a66e0", "status": "affected", "versionType": "git"}, {"version": "c76c6956566f974bac2470bd72fc22fb923e04a1", "lessThan": "aad6412c63baa39dd813e81f16a14d976b3de2e8", "status": "affected", "versionType": "git"}, {"version": "c76c6956566f974bac2470bd72fc22fb923e04a1", "lessThan": "ce7356ae35943cc6494cc692e62d51a734062b7d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mptcp/protocol.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.119", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.63", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.10", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.15.174"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.119"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.6.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.11.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b"}, {"url": "https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527"}, {"url": "https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0"}, {"url": "https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8"}, {"url": "https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d"}], "title": "mptcp: cope racing subflow creation in mptcp_rcv_space_adjust", "x_generator": {"engine": "bippy-1.2.0"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A2C9B37-E912-41BB-9EF9-3BC3C5E13B09", "versionEndExcluding": "6.1.119", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8800BB45-48BC-4B52-BDA5-B1E4633F42E5", "versionEndExcluding": "6.6.63", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A", "versionEndExcluding": "6.11.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf()."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: creaci\u00f3n de subflujo de ejecuci\u00f3n en mptcp_rcv_space_adjust Los subflujos activos adicionales (es decir, creados por el administrador de rutas en el kernel) se incluyen en la lista de subflujos antes de iniciar 3whs. Un recvmsg() de ejecuci\u00f3n que pone en cola los datos recibidos en un subflujo ya establecido llamar\u00eda incondicionalmente a tcp_cleanup_rbuf() en todos los subflujos actuales, lo que podr\u00eda provocar un error de divisi\u00f3n por cero en los reci\u00e9n creados. Verifique expl\u00edcitamente que el subflujo est\u00e9 en un estado adecuado antes de invocar tcp_cleanup_rbuf()."}], "id": "CVE-2024-53122", "lastModified": "2024-12-14T21:15:36.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-02T14:15:13.010", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0a9a182ea5c7bb0374e527130fd85024ace7279b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/24995851d58c4a205ad0ffa7b2f21e479a9c8527"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aad6412c63baa39dd813e81f16a14d976b3de2e8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ce7356ae35943cc6494cc692e62d51a734062b7d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff825ab2f455299c0c7287550915a8878e2a66e0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0066", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.34.1.rt7.375.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0065", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.34.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0109", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0061", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "kernel-0:4.18.0-305.148.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0060", "cpe": "cpe:/a:redhat:rhel_tus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.148.1.rt7.225.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0061", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "kernel-0:4.18.0-305.148.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0053", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0061", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "kernel-0:4.18.0-305.148.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0055", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.134.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0055", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.134.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0055", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.134.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0067", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0051", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0062", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.86.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0059", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.21.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0049", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0059", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.21.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0058", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.122.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0056", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.122.1.rt21.194.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0050", "cpe": "cpe:/o:redhat:rhel_e4s:9.0", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0063", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.99.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0064", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.99.1.rt14.384.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0054", "cpe": "cpe:/o:redhat:rhel_eus:9.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0057", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.50.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0052", "cpe": "cpe:/o:redhat:rhel_eus:9.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-08T00:00:00Z"}], "bugzilla": {"description": "kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust", "id": "2329932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329932"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-369", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf().", "A divide by zero flaw was found in the Linux kernel's Multipath TCP (MPTCP). This issue could allow a remote user to crash the system."], "mitigation": {"lang": "en:us", "value": "If enabled, you may disable MPTCP support. For more information please read https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/getting-started-with-multipath-tcp_configuring-and-managing-networking#preparing-rhel-to-enable-mptcp-support_getting-started-with-multipath-tcp"}, "name": "CVE-2024-53122", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53122\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53122\nhttps://lore.kernel.org/linux-cve-announce/2024120252-CVE-2024-53122-f35c@gregkh/T"], "statement": "By default, the MPTCP support is disabled in RHEL. This bug is only applicable if enabled.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object