Race Condition in Linux Kernel's MPTCP Implementation
CVE-2023-53490

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
1 October 2025

What is CVE-2023-53490?

A race condition vulnerability in the MPTCP protocol of the Linux kernel has been identified, which can lead to a NULL pointer dereference. The flaw arises from a timing issue between the disconnect and accept functions, potentially allowing an attacker to exploit the situation when accept() is called, creating instability in the system. It is critical for users to apply patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

Linux b45d8f5375eda3ddc89fe529b58bb643917bd87b

Linux 2a6a870e44dd88f1a6a2893c65ef756a9edfb4c7

Linux 2a6a870e44dd88f1a6a2893c65ef756a9edfb4c7 < 511b90e39250135a7f900f1c3afbce25543018a2

References

https://git.kernel.org/stable/c/ded9f5551ce5cafa3c41c7944...
https://git.kernel.org/stable/c/b2b4c84eb7149f34c0f25f170...
https://git.kernel.org/stable/c/511b90e39250135a7f900f1c3...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2023-53490 : Race Condition in Linux Kernel's MPTCP Implementation