CVE-2026-45889

Source
https://cve.org/CVERecord?id=CVE-2026-45889
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45889.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45889
Downstream
Published
2026-05-27T12:17:00.509Z
Modified
2026-07-15T01:48:50.270386759Z
Summary
mptcp: do not account for OoO in mptcp_rcvbuf_grow()
Details

In the Linux kernel, the following vulnerability has been resolved:

mptcp: do not account for OoO in mptcprcvbufgrow()

MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops.

Accounting for them in mptcprcvbufgrow() causes the rcvbuf slowly drifting towards tcp_rmem[2].

Remove such accounting. Note that subflows will still account for TCP-level OoO when the MPTCP-level rcvbuf is propagated.

This also closes a subtle and very unlikely race condition with rcvspace init; active sockets with user-space holding the msk-level socket lock, could complete such initialization in the receive callback, after that the first OoO data reaches the rcvbuf and potentially triggering a divide by zero Oops.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45889.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e118cdc34dd109562b64f6a397f68cd33b041d5b
Fixed
fb7bf00b04a6b48859f52035d4e745848c2b4c79
Fixed
400ee4854adef1e4983812a3decf6717ea020136
Fixed
6b329393502e5857662b851a13f947209c588587

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45889.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45889.json"