CVE-2026-23169 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit() which is not RCU ready. list_splice_init_rcu() can not be called here while holding pernet->lock spinlock. Many thanks to Eulgyu Kim for providing a repro and testing our patches.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-14 | Updated 2026-02-16 | Assigner Linux

Product status

Default status

unaffected

141694df6573b49aa4143c92556544b4b0bbda72 (git) before 455e882192c9833f176f3fbbbb2f036b6c5bf555

affected

141694df6573b49aa4143c92556544b4b0bbda72 (git) before 51223bdd0f60b06cfc7f25885c4d4be917adba94

affected

141694df6573b49aa4143c92556544b4b0bbda72 (git) before 1f1b9523527df02685dde603f20ff6e603d8e4a1

affected

141694df6573b49aa4143c92556544b4b0bbda72 (git) before e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d

affected

Default status

affected

5.11

affected

Any version before 5.11

unaffected

6.6.125 (semver)

unaffected

6.12.72 (semver)

unaffected

6.18.9 (semver)

unaffected

6.19 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/455e882192c9833f176f3fbbbb2f036b6c5bf555

git.kernel.org/...c/51223bdd0f60b06cfc7f25885c4d4be917adba94

git.kernel.org/...c/1f1b9523527df02685dde603f20ff6e603d8e4a1

git.kernel.org/...c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d

cve.org (CVE-2026-23169)

nvd.nist.gov (CVE-2026-23169)

Download JSON

help @ threatint.eu