CVE-2024-53122

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 2, 2024
Updated: Dec 14, 2024
CWE ID 362

Summary

CVE-2024-53122 is a vulnerability affecting the Linux kernel. In the function mptcp_rcv_space_adjust, an issue was discovered where additional active subflows are included in the subflow list before starting the 3whs. If a racing recvmsg() occurs while data is being spooled on an already established subflow, tcp_cleanup_rbuf() is unconditionally called on all current subflows, potentially causing a divide-by-zero error on newly created subflows. This vulnerability has been resolved by checking the subflow state before invoking tcp_cleanup_rbuf().

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share