CVE-2026-45889

Severity: NONE · EPSS 4.9%
Published May 27, 2026 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: do not account for OoO in mptcp_rcvbuf_grow()

MPTCP-level OoOs are physiological when multiple subflows are active concurrently; they neither cause retransmissions nor are caused by drops. Accounting for them in mptcp_rcvbuf_grow() causes the rcvbuf to slowly drift towards tcp_rmem[2]. Remove such accounting.

Note that subflows will still account for TCP-level OoO when the MPTCP-level rcvbuf is propagated.

This also closes a subtle and very unlikely race condition with rcvspace init: active sockets, with user-space holding the msk-level socket lock, could complete such initialization in the receive callback after the first OoO data reaches the rcvbuf, potentially triggering a divide-by-zero Oops.

Threat Intelligence

EPSS exploit probability: 4.9%
Exploit & Patch Status
No Known Exploit
No Patch Available

References (3)

  • git.kernel.org https://git.kernel.org/stable/c/400ee4854adef1e4983812a3decf6717ea020136
  • git.kernel.org https://git.kernel.org/stable/c/6b329393502e5857662b851a13f947209c588587
  • git.kernel.org https://git.kernel.org/stable/c/fb7bf00b04a6b48859f52035d4e745848c2b4c79

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.