CVE-2024-50083 Overview
CVE-2024-50083 is a vulnerability in the Linux kernel's MPTCP (Multipath TCP) implementation that causes Data Sequence Signal (DSS) corruption when handling large Path MTU (PMTU) transmissions. The vulnerability was discovered through Syzkaller fuzzing and can lead to system instability and denial of service conditions. The flaw exists in the TCP/MPTCP subsystem and affects the __mptcp_move_skbs_from_subflow function in net/mptcp/protocol.c.
Critical Impact
Remote attackers can exploit this vulnerability over the network without authentication to cause denial of service through kernel warnings and potential system crashes affecting MPTCP-enabled systems.
Affected Products
- Linux Kernel (multiple versions with MPTCP support)
- Linux Kernel 6.12-rc1
- Linux Kernel 6.12-rc2
Discovery Timeline
- 2024-10-29 - CVE-2024-50083 published to NVD
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2024-50083
Vulnerability Analysis
This vulnerability occurs in the Linux kernel's MPTCP protocol implementation when processing data during TCP MTU probe operations. During large PMTU transmissions, the kernel's handling of socket buffers (skbs) between MPTCP subflows becomes corrupted. The issue manifests as a kernel WARNING in the __mptcp_move_skbs_from_subflow function at line 695 of net/mptcp/protocol.c.
The corruption is triggered through a specific code path that involves tcp_mtu_probe during tcp_write_xmit, which subsequently interacts with the MPTCP data handling routines. When the system processes incoming TCP data through tcp_data_queue and mptcp_data_ready, the corrupted DSS state causes assertion failures in the kernel.
Root Cause
The root cause of this vulnerability lies in improper handling of socket buffer data when MPTCP subflows process large MTU probe transmissions. The DSS (Data Sequence Signal) metadata becomes inconsistent when the kernel attempts to move socket buffers between the subflow and the main MPTCP socket during concurrent transmission and reception operations. This state corruption violates internal kernel invariants, triggering the warning condition.
Attack Vector
The vulnerability is exploitable remotely over the network. An attacker can craft network traffic targeting MPTCP-enabled systems to trigger the vulnerable code path. The attack does not require authentication or user interaction. By manipulating network conditions to cause large PMTU transmissions during active MPTCP sessions, an attacker can induce the kernel warning and potentially cause denial of service through repeated exploitation or system instability.
The attack flow involves:
- Establishing or interacting with an MPTCP connection on the target system
- Triggering conditions that cause large Path MTU probe transmissions
- Exploiting the race condition in socket buffer handling between subflows
- Causing DSS corruption that triggers kernel warnings and potential crashes
Detection Methods for CVE-2024-50083
Indicators of Compromise
- Kernel WARNING messages in system logs referencing __mptcp_move_skbs_from_subflow at net/mptcp/protocol.c:695
- System log entries showing "Possible SYN flooding" warnings on MPTCP-enabled ports
- Unexpected kernel crashes or system instability on servers using MPTCP
- Abnormal MPTCP connection behavior or connection failures
Detection Strategies
- Monitor kernel logs for WARNING messages containing mptcp and protocol.c:695 patterns
- Implement network monitoring for unusual MPTCP traffic patterns or malformed packets
- Use kernel crash dump analysis to identify exploitation attempts targeting this vulnerability
- Deploy intrusion detection rules to detect potential MPTCP-based attacks
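The kernel-log check from the first strategy above, as an added example (not code from the advisory or the kernel project). Source line numbers in a WARNING header shift between kernel builds, so the scan keys on the function name and reports separately whether the location is the line 695 given on this page; the sample log lines, host names and offsets are constructed.

```shell
#!/bin/sh
# Added example: scan kernel log text for the MPTCP WARNING named on this page.
# Live use (assumes a systemd journal or dmesg access):
#   journalctl -k -o short-iso | scan_mptcp_warn
#   dmesg | scan_mptcp_warn

FN='__mptcp_move_skbs_from_subflow'   # function named in the advisory
SRC='net/mptcp/protocol.c'            # source file named in the advisory
KNOWN_LINE=695                        # line number reported in the advisory

# Reads log lines on stdin and prints one summary line:
#   hits      WARNING headers raised in $FN (RIP/call-trace lines are not counted)
#   line695   hits at the exact file:line from the advisory
#   other     hits in the same function at a different line (another kernel build)
#   synflood  "Possible SYN flooding" lines, listed on the page as a companion sign
# Exit status is 0 when at least one hit was found, 1 otherwise.
scan_mptcp_warn() {
  awk -v fn="$FN" -v src="$SRC" -v known="$KNOWN_LINE" '
    /Possible SYN flooding/ { syn++ }
    /WARNING:/ && index($0, fn) && match($0, src ":[0-9]+") {
      line = substr($0, RSTART + length(src) + 1, RLENGTH - length(src) - 1)
      hits++
      if (line + 0 == known + 0) exact++; else other++
    }
    END {
      printf "hits=%d line%d=%d other=%d synflood=%d\n", hits, known, exact, other, syn
      exit (hits > 0 ? 0 : 1)
    }'
}

# Constructed sample input: two matching WARNING headers (one at line 695, one
# at a shifted line), one RIP line and one unrelated WARNING that must not count.
sample_log() {
  cat <<'EOF'
2024-10-09T10:00:01+0000 hostA kernel: TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies.
2024-10-09T10:00:02+0000 hostA kernel: WARNING: CPU: 0 PID: 4100 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x1a0/0x200
2024-10-09T10:00:02+0000 hostA kernel: RIP: 0010:__mptcp_move_skbs_from_subflow+0x1a0/0x200
2024-10-09T10:00:02+0000 hostA kernel:  mptcp_data_ready+0x30/0x90
2024-10-10T08:15:00+0000 hostB kernel: WARNING: CPU: 1 PID: 77 at net/mptcp/protocol.c:702 __mptcp_move_skbs_from_subflow+0x1b4/0x210
2024-10-10T08:16:00+0000 hostB kernel: WARNING: CPU: 1 PID: 78 at net/ipv4/tcp_output.c:100 tcp_write_xmit+0x10/0x20
EOF
}

sample_log | scan_mptcp_warn   # prints: hits=2 line695=1 other=1 synflood=1
```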
Monitoring Recommendations
- Enable kernel log monitoring with alerts for MPTCP-related warnings and errors
- Configure system monitoring to track kernel oops and warning events in real-time
- Monitor network interfaces for abnormal MPTCP session establishment patterns
- Implement SIEM rules to correlate MPTCP-related kernel events with network traffic anomalies
How to Mitigate CVE-2024-50083
Immediate Actions Required
- Update the Linux kernel to a patched version that includes the fix for this vulnerability
- If immediate patching is not possible, consider disabling MPTCP if not required for operations
- Monitor systems for signs of exploitation attempts through kernel log analysis
- Review and restrict network exposure of systems running vulnerable kernel versions
Patch Information
Linux kernel developers have released patches to address this vulnerability. The fix has been committed to the stable kernel branches. Patches are available through the following commits:
- Linux Kernel Commit 229dfdc
- Linux Kernel Commit 4dabcdf
- Linux Kernel Commit 9729010
- Linux Kernel Commit ba8e658
- Linux Kernel Commit c38add9
- Linux Kernel Commit db04d18
Distribution-specific advisories are also available from Debian LTS Announcement January 2025 and Debian LTS Announcement March 2025.
Workarounds
- Disable MPTCP support at the kernel level using sysctl: sysctl -w net.mptcp.enabled=0
- Block or restrict MPTCP traffic at network perimeter firewalls if not required
- Implement network segmentation to limit exposure of vulnerable systems
- Consider using network-level filtering to drop MPTCP option packets on systems where MPTCP is not needed
# Configuration example - Disable MPTCP if not required
# Check current MPTCP status
sysctl net.mptcp.enabled
# Disable MPTCP (temporary)
sysctl -w net.mptcp.enabled=0
# Disable MPTCP (persistent - add to /etc/sysctl.conf)
echo "net.mptcp.enabled=0" >> /etc/sysctl.conf
sysctl -p


