CVE-2023-53072
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's MPTCP implementation that allows local attackers to potentially execute arbitrary code or crash the system. It affects Linux systems with MPTCP enabled, particularly those accepting incoming MPTCP connections. The vulnerability occurs when unaccepted MPTCP sockets are improperly destroyed, leading to memory corruption.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic leading to denial of service (system crash) or local privilege escalation.
If Mitigated
Limited impact if MPTCP is disabled or systems are properly patched.
🎯 Exploit Status
Exploitation requires local access and MPTCP to be enabled. The vulnerability was discovered through fuzzing/syzkaller.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases containing commits 2827f099b3fb9a59263c997400e9182f5d423e84, 804cf487fb0031f3c74755b78d8663333f0ba636, b6985b9b82954caa53f862d6059d06c0526254f0
Vendor Advisory: https://git.kernel.org/stable/c/2827f099b3fb9a59263c997400e9182f5d423e84
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable MPTCP
Disable Multipath TCP functionality if not required (Linux):
sysctl -w net.mptcp.enabled=0
echo 'net.mptcp.enabled = 0' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Disable MPTCP using sysctl commands
- Restrict local user access to prevent exploitation by untrusted users
🔍 How to Verify
Check if Vulnerable:
Check if MPTCP is enabled: sysctl net.mptcp.enabled. Check kernel version against affected ranges.
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version is updated and that either MPTCP is disabled or a patched version is running.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports of use-after-free in mptcp functions
- System crashes related to MPTCP
Network Indicators:
- MPTCP connection attempts followed by system instability
SIEM Query:
Search for kernel logs containing 'KASAN: use-after-free' or 'mptcp' with crash indicators
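An added example (not from the original advisory or the kernel project) of the log search described under Log Indicators and SIEM Query: a shell function that reads kernel log text on stdin and prints the header of each KASAN use-after-free report whose header or call trace mentions an mptcp function. The sample log lines and the function names in them are constructed; the pattern also accepts `slab-use-after-free`, the label newer kernels use for the same bug type.

```shell
#!/bin/sh
# Added example, not part of the advisory. Reads kernel log text on stdin.
# Usage on a live host: dmesg | scan_kasan_mptcp

scan_kasan_mptcp() {
    awk '
    # Print the saved report header if the report mentioned mptcp.
    function emit() {
        if (inrep && hit) print hdr
        inrep = 0; hit = 0
    }
    # Report header; newer kernels label the bug type slab-use-after-free.
    /BUG: KASAN: (slab-)?use-after-free in / {
        emit()
        hdr = $0
        sub(/^.*BUG: /, "BUG: ", hdr)   # drop timestamp prefix
        inrep = 1
        hit = (hdr ~ /mptcp/)
        next
    }
    inrep && /==========/ { emit(); next }   # closing delimiter of the report
    inrep && /mptcp/ { hit = 1 }             # mptcp frame in the call trace
    END { emit() }
    '
}

# Constructed sample input (function names and offsets are made up).
sample_log() {
    cat <<'EOF'
[  101.000001] ==================================================================
[  101.000002] BUG: KASAN: use-after-free in example_sock_put+0x10/0x40
[  101.000003] Call Trace:
[  101.000004]  example_sock_put+0x10/0x40
[  101.000005]  mptcp_example_destroy+0x20/0x80
[  101.000006] ==================================================================
[  202.000001] BUG: KASAN: slab-use-after-free in mptcp_example_close+0x30/0x90
[  202.000002]  mptcp_example_close+0x30/0x90
[  202.000003] ==================================================================
[  303.000001] BUG: KASAN: use-after-free in ext4_example_fn+0x8/0x20
[  303.000002]  ext4_example_fn+0x8/0x20
[  303.000003] ==================================================================
[  404.000001] MPTCP: constructed mptcp log line outside any KASAN report
EOF
}
```

Scoping the match to one report at a time avoids flagging unrelated use-after-free reports or ordinary mptcp log lines, which a search for either string alone would return.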