CVE-2024-53122

Advisory lineage Upstream: 0 Downstream: 57

Downstream

DEBIAN-CVE-2024-53122 DLA-4008-1 MGASA-2024-0392 MGASA-2024-0393 RHSA-2025:0049 RHSA-2025:0050

Modified

Published: 02 Dec 2024, 13:44

Last modified:11 May 2026, 20:51

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Dec 2024, 13:44

Published

Vulnerability first disclosed

11 May 2026, 20:51

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 0%

Techniques & Countermeasures

CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

linux•linux
≥ c76c6956566f974bac2470bd72fc22fb923e04a1, < 0a9a182ea5c7bb0374e527130fd85024ace7279b | ≥ c76c6956566f974bac2470bd72fc22fb923e04a1, < 24995851d58c4a205ad0ffa7b2f21e479a9c8527 | ≥ c76c6956566f974bac2470bd72fc22fb923e04a1, < ff825ab2f455299c0c7287550915a8878e2a66e0 | ≥ c76c6956566f974bac2470bd72fc22fb923e04a1, < aad6412c63baa39dd813e81f16a14d976b3de2e8 | ≥ c76c6956566f974bac2470bd72fc22fb923e04a1, < ce7356ae35943cc6494cc692e62d51a734062b7d | 5.10
linux•linux_kernel
≥ 5.10, < 6.1.119 | ≥ 6.2, < 6.6.63 | ≥ 6.7, < 6.11.10 | 6.12:rc1 | 6.12:rc2 | 6.12:rc3 | 6.12:rc4 | 6.12:rc5 | 6.12:rc6 | 6.12:rc7