CVE-2026-23169
Published: Feb 14, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit() which is not RCU ready. list_splice_init_rcu() can not be called here while holding pernet->lock spinlock. Many thanks to Eulgyu Kim for providing a repro and testing our patches.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 141694df6573b49aa4143c92556544b4b0bbda72 - < 338d40bab283da2639780ee3e458fb61f1567d8caffected 141694df6573b49aa4143c92556544b4b0bbda72 - < 7896dbe990d56d5bb8097863b2645355633665ebaffected 141694df6573b49aa4143c92556544b4b0bbda72 - < 455e882192c9833f176f3fbbbb2f036b6c5bf555affected 141694df6573b49aa4143c92556544b4b0bbda72 - < 51223bdd0f60b06cfc7f25885c4d4be917adba94affected 141694df6573b49aa4143c92556544b4b0bbda72 - < 1f1b9523527df02685dde603f20ff6e603d8e4a1+1 more versions |
Linux | Linux | affected 5.11unaffected 0 - < 5.11unaffected 5.15.201 - <= 5.15.*unaffected 6.1.164 - <= 6.1.*unaffected 6.6.125 - <= 6.6.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now