CVE-2026-43198

CRITICAL EPSS 28.5%
Published May 6, 20261mo ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done too late. After tcp_v4_syn_recv_sock(), the child socket is already visible from TCP ehash table and other cpus might use it. Since newinet->pinet6 is still pointing to the listener ipv6_pinfo bad things can happen as syzbot found. Move the problematic code in tcp_v6_mapped_child_init() and call this new helper from tcp_v4_syn_recv_sock() before the ehash insertion. This allows the removal of one tcp_sync_mss(), since tcp_v4_syn_recv_sock() will call it with the correct context.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
28.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥2.6.12.1  –  <6.18.16
linuxlinux_kernel*≥6.19  –  <6.19.6
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel7.0any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd
    Patch