CVE-2026-23169
- Source
- https://cve.org/CVERecord?id=CVE-2026-23169
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23169.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23169
- Downstream
- Related
- Published
- 2026-02-14T16:01:32.139Z
- Modified
- 2026-03-24T08:59:22.928860Z
- Summary
- mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix race in mptcppmnlflushaddrs_doit()
syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid() and/or mptcppmnlis_backup()
Root cause is listspliceinit() in mptcppmnlflushaddrs_doit() which is not RCU ready.
listspliceinit_rcu() can not be called here while holding pernet->lock spinlock.
Many thanks to Eulgyu Kim for providing a repro and testing our patches.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23169.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1
- https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c
- https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555
- https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94
- https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb
- https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23169.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23169
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced141694df6573b49aa4143c92556544b4b0bbda72Fixed338d40bab283da2639780ee3e458fb61f1567d8cFixed7896dbe990d56d5bb8097863b2645355633665ebFixed455e882192c9833f176f3fbbbb2f036b6c5bf555Fixed51223bdd0f60b06cfc7f25885c4d4be917adba94Fixed1f1b9523527df02685dde603f20ff6e603d8e4a1Fixede2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d