CVE-2026-23169
Severity
4.7MEDIUM
EPSS
0.0%
top 99.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()
and/or mptcp_pm_nl_is_backup()
Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()
which is not RCU ready.
list_splice_init_rcu() can not be called here while holding pernet->lock
spinlock.
Many thanks to Eulgyu Kim for providing a repro and testing our patches.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5linux/linux141694df6573b49aa4143c92556544b4b0bbda72 — 338d40bab283da2639780ee3e458fb61f1567d8c+6
Patches
🔴Vulnerability Details
4VulDB▶
Linux Kernel up to 6.18.8 mptcp_pm_nl_flush_addrs_doit denial of service (EUVD-2026-6104 / Nessus ID 299068)↗2026-04-13
GHSA▶
GHSA-r3f7-9rj4-j5fm: In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
syzbot and Eulgyu Kim reported↗2026-02-14
OSV▶
CVE-2026-23169: In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported c↗2026-02-14