Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-46137: Linux Kernel: Potential Data-Race in MPTCP Socket Lock
CVE-2026-46137
Summary
A potential issue was found in the Linux kernel's MPTCP (Multipath TCP) feature, where a data-race could occur when a socket is in use. This could potentially cause data corruption or other issues. To fix this, the kernel developers have made changes to ensure the socket lock is held securely, preventing data-races from occurring.
Original title
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: ADD_ADDR rtx: fix potential data-race
This mptcp_pm_add_timer() helper is executed as a timer callback in
softirq co...
Original description
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: ADD_ADDR rtx: fix potential data-race
This mptcp_pm_add_timer() helper is executed as a timer callback in
softirq context. To avoid any data races, the socket lock needs to be
held with bh_lock_sock().
If the socket is in use, retry again soon after, similar to what is done
with the keepalive timer.
mptcp: pm: ADD_ADDR rtx: fix potential data-race
This mptcp_pm_add_timer() helper is executed as a timer callback in
softirq context. To avoid any data races, the socket lock needs to be
held with bh_lock_sock().
If the socket is in use, retry again soon after, similar to what is done
with the keepalive timer.
- https://git.kernel.org/stable/c/013dcdc1961543b9a3433466bc8c79a2f4ca75b5
- https://git.kernel.org/stable/c/2ad56e434199ca24a812bb353667aa1c3860f513
- https://git.kernel.org/stable/c/5cd6e0ad79d2615264f63929f8b457ad97ae550d
- https://git.kernel.org/stable/c/6e4710d7d8782cb61af29a7e7111ddfc38b9e1a3
- https://git.kernel.org/stable/c/cc3c0399361efaaf7ae64262eb3f70829b1189c6
Published: 28 May 2026 · Updated: 31 May 2026 · First seen: 28 May 2026