CVE-2024-50085
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's MPTCP (Multipath TCP) implementation. It allows attackers with local access to potentially crash the kernel or execute arbitrary code by triggering a race condition during address/subflow removal. Any system running an affected Linux kernel with MPTCP enabled is vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.
Likely Case
Kernel crash causing denial of service, potentially requiring system reboot.
If Mitigated
System remains stable if MPTCP is disabled or proper access controls prevent local exploitation.
🎯 Exploit Status
Exploitation requires local access and triggering a specific race condition in MPTCP operations. The syzkaller report suggests the vulnerability is triggerable but weaponization status is unknown.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 35301636439138b821f1f6169bd00d348ebd388a, 7b2e478abab0b3a33515433a6af563aebba773c1, 7decd1f5904a489d3ccdcf131972f94645681689, a8c36ea4ef9a350816f6556c5c5b63810f84b538, da3343bc0839b180fd9af9c27fa456d8231409f9
Vendor Advisory: https://git.kernel.org/stable/c/35301636439138b821f1f6169bd00d348ebd388a
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for patched kernel packages. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable MPTCP
linuxDisable the MPTCP subsystem if not required, eliminating the vulnerability.
echo 'net.mptcp.enabled=0' >> /etc/sysctl.conf
sysctl -p
🧯 If You Can't Patch
- Restrict local user access to prevent exploitation by untrusted users
- Monitor system logs for kernel crashes or suspicious MPTCP-related activity
🔍 How to Verify
Check if Vulnerable:
Check if MPTCP is enabled: sysctl net.mptcp.enabled (returns 1 if enabled). Check kernel version against affected ranges.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits. Check with: uname -r and compare with patched versions from your distribution.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports mentioning mptcp_pm_nl_rm_addr_or_subflow
- System crash/reboot events
Network Indicators:
- Unusual MPTCP connection attempts if monitoring network traffic
SIEM Query:
event_type:kernel_panic OR process_name:kernel AND message:"mptcp_pm_nl_rm_addr_or_subflow"🔗 References
- https://git.kernel.org/stable/c/35301636439138b821f1f6169bd00d348ebd388a
- https://git.kernel.org/stable/c/7b2e478abab0b3a33515433a6af563aebba773c1
- https://git.kernel.org/stable/c/7decd1f5904a489d3ccdcf131972f94645681689
- https://git.kernel.org/stable/c/a8c36ea4ef9a350816f6556c5c5b63810f84b538
- https://git.kernel.org/stable/c/da3343bc0839b180fd9af9c27fa456d8231409f9
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
