CVE-2024-53047

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 27, 2024
CWE ID 667

Summary

CVE-2024-53047 is a vulnerability in the Linux kernel's MPTCP (MultiPath TCP) module. When an MPTCP socket is created, the function mptcp_sched_find() does not take the required rcu_read_lock(), which produces a warning about RCU-list traversal in a non-reader section. This issue can potentially cause system instability and may allow unintended access to system resources. The vulnerability can be mitigated by adding the missing lock/unlock in the mptcp_sched_find() function to ensure proper synchronization during socket initialization.
