CVE-2024-53123 – A race condition vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2024-53123?

CVE-2024-53123 has a CVSS score of 5.5 (MEDIUM). A race condition vulnerability in the Linux kernel's MPTCP implementation can cause a division by zero error when handling disconnections, leading to kernel panic and system crash. This affects systems running vulnerable Linux kernel versions with MPTCP enabled. The vulnerability requires local access or network access to trigger.

📋 TL;DR

A race condition vulnerability in the Linux kernel's MPTCP implementation can cause a division by zero error when handling disconnections, leading to kernel panic and system crash. This affects systems running vulnerable Linux kernel versions with MPTCP enabled. The vulnerability requires local access or network access to trigger.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions containing the vulnerable MPTCP code (specific versions not explicitly stated but referenced in stable commits)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when MPTCP (Multipath TCP) is enabled and in use. Many distributions don't enable MPTCP by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to complete system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or instability when MPTCP connections are terminated under specific timing conditions.

🟢

If Mitigated

Minor performance impact from proper error handling without crashes.

🌐 Internet-Facing: MEDIUM - Requires MPTCP connections which may be exposed to network traffic, but exploitation requires specific timing conditions.

🏢 Internal Only: MEDIUM - Local users or internal services using MPTCP could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Reproducer exists and was used to identify the vulnerability. Exploitation requires specific timing conditions during MPTCP disconnection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel commits: 581302298524e9d77c4c44ff5156a6cd112227ae, 955388e1d5d222c4101c596b536d41b91a8b212e, a66805c9b22caf4e42af7a616f6c6b83c90d1010, a749b23059b43a9b1787eb36c5d9d44150a34238

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check if MPTCP is enabled in current kernel. 3. Reboot system after kernel update. 4. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable MPTCP

linux

Disable Multipath TCP functionality if not required

echo 0 > /proc/sys/net/mptcp/enabled
sysctl -w net.mptcp.enabled=0

🧯 If You Can't Patch

Disable MPTCP functionality system-wide
Restrict MPTCP usage to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check if MPTCP is enabled: cat /proc/sys/net/mptcp/enabled (returns 1 if enabled). Check kernel version against affected versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits. Test MPTCP disconnection scenarios to ensure no crashes occur.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs mentioning 'divide error'
System crash dumps with MPTCP stack traces
Unexpected system reboots

Network Indicators:

Abnormal MPTCP connection terminations
Increased TCP resets on MPTCP connections

SIEM Query:

source="kernel" AND ("divide error" OR "MPTCP" OR "tcp_select_window")

📊 Metadata

CVE ID: CVE-2024-53123

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-362

Published: December 2, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-53123, you might also want to check these: