CVE-2026-43198
Published: May 6, 2026
Modified: May 11, 2026
CVSS v3.1
9.8
Description
In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done too late. After tcp_v4_syn_recv_sock(), the child socket is already visible from TCP ehash table and other cpus might use it. Since newinet->pinet6 is still pointing to the listener ipv6_pinfo bad things can happen as syzbot found. Move the problematic code in tcp_v6_mapped_child_init() and call this new helper from tcp_v4_syn_recv_sock() before the ehash insertion. This allows the removal of one tcp_sync_mss(), since tcp_v4_syn_recv_sock() will call it with the correct context.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < fe89b2f05b854847784f91127319172945c1faddaffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 7178e2a8027423b2af17ab95df73a749a5b72e5baffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 858d2a4f67ff69e645a43487ef7ea7f28f06deae |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 6.18.16 - <= 6.18.*unaffected 6.19.6 - <= 6.19.*unaffected 7.0 - <= * |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now