{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service due to NULL pointer dereference in mptcp fastopen",
    "id" : "2425184",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425184"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmptcp: fix NULL pointer dereference on fastopen early fallback\nIn case of early fallback to TCP, subflow_syn_recv_sock() deletes\nthe subflow context before returning the newly allocated sock to\nthe caller.\nThe fastopen path does not cope with the above unconditionally\ndereferencing the subflow context.", "A flaw was found in the Linux kernel's Multipath TCP (mptcp) implementation. During an early fallback to TCP in the fastopen process, the system incorrectly deletes a subflow context before it is no longer needed. This can lead to a NULL pointer dereference, allowing a local attacker with low privileges to cause a Denial of Service (DoS) by crashing the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54085\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54085\nhttps://lore.kernel.org/linux-cve-announce/2025122405-CVE-2023-54085-7e32@gregkh/T" ],
  "name" : "CVE-2023-54085",
  "csaw" : false
}