CVE-2024-44974
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's MPTCP subsystem. Attackers could potentially exploit this to cause kernel crashes or execute arbitrary code. Systems running affected Linux kernel versions with MPTCP enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.
Likely Case
Kernel crash causing denial of service, potentially leading to system instability or reboot.
If Mitigated
No impact if MPTCP is disabled or systems are patched.
🎯 Exploit Status
Exploitation requires specific conditions in MPTCP connection handling and kernel memory manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 0201d65d9806d287a00e0ba96f0321835631f63f, 2b4f46f9503633dade75cb796dd1949d0e6581a1, 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d, 9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8, ddee5b4b6a1cc03c1e9921cf34382e094c2009f1
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify MPTCP functionality if required.
🔧 Temporary Workarounds
Disable MPTCP
linuxDisable Multipath TCP functionality if not required
sysctl -w net.mptcp.enabled=0
echo 'net.mptcp.enabled = 0' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Disable MPTCP using sysctl commands
- Implement network segmentation to limit MPTCP traffic to trusted sources only
🔍 How to Verify
Check if Vulnerable:
Check if MPTCP is enabled: sysctl net.mptcp.enabled. Check kernel version: uname -r and compare with patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and MPTCP is either disabled or running patched code. Check for presence of patch commits in kernel source.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- MPTCP connection errors
- System crash/reboot events
Network Indicators:
- Unusual MPTCP connection patterns
- MPTCP protocol anomalies
SIEM Query:
source="kernel" AND ("panic" OR "oops") AND mptcp🔗 References
- https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f
- https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1
- https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d
- https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8
- https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1
- https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
