#VU101113 Race condition within a thread in Linux kernel - CVE-2024-53124

Cybersecurity Help s.r.o.

Published: 2024-12-03 | Updated: 2025-05-12

Vulnerability identifier: #VU101113

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53124

CWE-ID: CWE-366

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.11, 6.11.1, 6.11.2, 6.11.3, 6.11.4, 6.11.5, 6.11.6, 6.11.7, 6.11.8, 6.11.9

External links
https://git.kernel.org/stable/c/073d89808c065ac4c672c0a613a71b27a80691cb
https://git.kernel.org/stable/c/d285eb9d0641c8344f2836081b4ccb7b3c5cc1b6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.10

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-raspi-5.4

Ubuntu update for linux-raspi

SUSE update for the Linux Kernel

Anolis OS update for kernel:5.10

Ubuntu update for linux-gcp-5.15

Ubuntu update for linux-ibm-5.15

Ubuntu update for linux-ibm-5.4

Ubuntu update for linux-intel-iotg-5.15

SUSE update for the Linux Kernel