CVE-2023-54176: Improper Privilege Management in Linux

Severity: 5.8 MEDIUM (No vector)
EPSS: 0.0% (top 92.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: stricter state check in mptcp_worker

As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected state:

    connect()
    // incoming reset + fastclose
    // the mptcp worker is scheduled
    mptcp_disconnect()
    // msk is now CLOSED
    listen()
    mptcp_worker()

Leading to the following splat:

    divide error: 0000 [#1] PREEMPT SMP
    CPU: 1 PID: 21 Comm: kworker/1:0 Not tainted 6.3.0-rc1-gde

Affected Packages (4 packages)

Linux: linux/linux_kernel, 5.11.0, 5.15.108 (+2)
Debian: linux/linux_kernel, < 6.1.25-1 (+2)
CVEListV5: linux/linux, e16163b6e2b720fb74e5af758546f6dad27e6c9e, f0b4a4086cf27240fc621a560da9735159049dcc (+4)
debian: debian/linux, < linux 6.1.25-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA (2025-12-30): GHSA-rpwv-q8h7-6mvf: In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcp_worker As reported by Christoph, the mptcp
OSV (2025-12-30): CVE-2023-54176: In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcp_worker As reported by Christoph, the mptcp pr
OSV (2025-12-30): mptcp: stricter state check in mptcp_worker

📋 Vendor Advisories (2)

Red Hat (2025-12-30): kernel: mptcp: stricter state check in mptcp_worker
Debian (2023): CVE-2023-54176: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: stri...

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54176 Impact, Exploitability, and Mitigation Steps | Wiz