CVE-2023-53490 — Race Condition in Linux

CWE-362 — Race Condition CWE-368 — Context Switching Race Condition5 documents5 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 98.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite commit 0ad529d9fd2b ("mptcp: fix possible divide by zero in recvmsg()"), the mptcp protocol is still prone to a race between disconnect() (or shutdown) and accept. The root cause is that the mentioned commit checks the msk-level flag, but mptcp_stream_accept() does acquire the msk-level lock, as it can rely directly on the first subflow lock. As reported by Christoph than can lead…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel6.1.27 — 6.1.46+4

▶Debianlinux/linux_kernel< 6.1.52-1+2

▶CVEListV5linux/linuxb45d8f5375eda3ddc89fe529b58bb643917bd87b — ded9f5551ce5cafa3c41c794428c27a0d0a00542+4

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-4xc2-jwrr-pxh9: In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite commit 0ad529d9fd2b ("mptcp: fix po↗2025-10-01

▶

OSV

CVE-2023-53490: In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite commit 0ad529d9fd2b ("mptcp: fix poss↗2025-10-01

▶

📋Vendor Advisories

Red Hat

kernel: mptcp: fix disconnect vs accept race↗2025-10-01

▶

Debian

CVE-2023-53490: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix ...↗2023

▶