CVE-2026-23169
MEDIUM EPSS 2.9%
Published Feb 14, 20264mo ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Published Feb 14, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit() which is not RCU ready. list_splice_init_rcu() can not be called here while holding pernet->lock spinlock. Many thanks to Eulgyu Kim for providing a repro and testing our patches.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-362
Affected Products 12
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥5.11 – <5.15.201 |
| linux | linux_kernel | * | ≥5.16 – <6.1.164 |
| linux | linux_kernel | * | ≥6.2 – <6.6.125 |
| linux | linux_kernel | * | ≥6.7 – <6.12.72 |
| linux | linux_kernel | * | ≥6.13 – <6.18.9 |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
References 6
- git.kernel.org https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1
- git.kernel.org https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c
- git.kernel.org https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555
- git.kernel.org https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94
- git.kernel.org https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb
- git.kernel.org https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d
Remediation
- git.kernel.org https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1
- git.kernel.org https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c
- git.kernel.org https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555
- git.kernel.org https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94
- git.kernel.org https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb
- git.kernel.org https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d