CVE-2026-45889

Published: May 27, 2026

Modified: May 27, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcp_rcvbuf_grow() MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcp_rcvbuf_grow() causes the rcvbuf slowly drifting towards tcp_rmem[2]. Remove such accounting. Note that subflows will still account for TCP-level OoO when the MPTCP-level rcvbuf is propagated. This also closes a subtle and very unlikely race condition with rcvspace init; active sockets with user-space holding the msk-level socket lock, could complete such initialization in the receive callback, after that the first OoO data reaches the rcvbuf and potentially triggering a divide by zero Oops.

Vendor	Product	Versions
Linux	Linux	affected `e118cdc34dd109562b64f6a397f68cd33b041d5b - < fb7bf00b04a6b48859f52035d4e745848c2b4c79` affected `e118cdc34dd109562b64f6a397f68cd33b041d5b - < 400ee4854adef1e4983812a3decf6717ea020136` affected `e118cdc34dd109562b64f6a397f68cd33b041d5b - < 6b329393502e5857662b851a13f947209c588587`
Linux	Linux	affected `6.18` unaffected `0 - < 6.18` unaffected `6.18.14 - <= 6.18.` unaffected `6.19.4 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/fb7bf00b04a6b48859f52035d4e745848c2b4c79

https://git.kernel.org/stable/c/400ee4854adef1e4983812a3decf6717ea020136

https://git.kernel.org/stable/c/6b329393502e5857662b851a13f947209c588587

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-45889

Description

Affected Products

References