Linux Kernel: Crashes Can Happen When Using Multi-Path TCP

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Linux Kernel: Crashes Can Happen When Using Multi-Path TCP

CVE-2026-23169

Summary

A fix has been made to prevent crashes in the Linux kernel when using Multi-Path TCP (MPTCP). This issue was reported by automated testing and a Linux developer, and it's now resolved. Affected systems should update to the latest kernel version to ensure stability.

Original title

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or m...

Original description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()
and/or mptcp_pm_nl_is_backup()

Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()
which is not RCU ready.

list_splice_init_rcu() can not be called here while holding pernet->lock
spinlock.

Many thanks to Eulgyu Kim for providing a repro and testing our patches.

Published: 14 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026