CVE-2024-53047: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53047 affects the Linux kernel's MPTCP (Multipath TCP) implementation. The vulnerability was discovered when enabling CONFIG_PROVE_RCU_LIST with CONFIG_RCU_EXPERT, which revealed a missing RCU (Read-Copy-Update) read lock protection during MPTCP socket initialization. The issue was disclosed on November 19, 2024 and affects Linux kernel versions from 6.6 up to 6.11.7, as well as several 6.12 release candidates (NVD).

The vulnerability occurs in the mptcp_init_sock function within net/mptcp/protocol.c when initializing an MPTCP socket. The function calls mptcp_sched_find without proper RCU read lock protection, despite an explicit comment indicating the need for such protection. This results in an RCU list being traversed in a non-reader section, triggering a kernel warning. The issue has a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability can lead to improper locking in the MPTCP scheduler initialization, potentially causing system instability or denial of service conditions when MPTCP sockets are created. The impact is limited to local attacks and primarily affects system availability (NVD).

The issue has been fixed by adding proper RCU read lock protection in the mptcp_init_sock function. The fix involves wrapping the mptcp_sched_find call with rcu_read_lock() and rcu_read_unlock(). Users should update to patched kernel versions that include the fix (Kernel Patch).