CVE-2026-23169

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup()

Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit() which is not RCU ready.

list_splice_init_rcu() can not be called here while holding pernet->lock spinlock.

Many thanks to Eulgyu Kim for providing a repro and testing our patches.

EPSS Score: 0.00129 (0.030)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in