1504 matches found
CVE-2026-53183
The CVE-2026-53183 entry concerns a Linux kernel vulnerability in MPTCP where the subflow TCP receive window (rcv_wnd) could be shrunk, causing the MPTCP-level rcv_nxt edge to be misrepresented and potentially allowing incoming traffic to exceed the receiver’s rcvbuf even when the sender is well-...
EUVD-2026-39274
In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the window field in the TCP header refers to the MPTCP-level rcvnxt and it's right edge should not move backward. Such constraint is enforced at DSS option generation...
kernel: mptcp: fix slab-use-after-free in __inet_lookup_established
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...
kernel: mptcp: fix slab-use-after-free in __inet_lookup_established
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...
kernel: mptcp: fix slab-use-after-free in __inet_lookup_established
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero error in the MPTCP protocol: Oops: divide error: 0000 1 PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net/ipv6: avoided a possible Use After Free UAF in ip6routempathnotify syzbot discovered another use-after-free in ip6routempath Notify. 1 The commit f7225172f25a “net/ipv6: prevent use after free in ip6routempath Notify” fail...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed soft lockups in fib6selectpath under high next hop changes. Soft lockups were observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the bird service, these routers continuous...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. mptcpactiveenable is called from subflowfinishconnect, which is icsk-icskafops-skrxdstset. This call is not always under a RCU context. Using skdstgetsk-dev could lead to...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: deferring partition scanning. We need to prevent the partition scanning from occurring within the controller’s scanwork context. If a path error occurs here, I/O will wait until a path becomes available or all pat...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. However, these...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a double-free on the socket destructor function When an MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to ‘inetopt’ for the new socket has the same value as the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed TCP options overflow. Syzbot reported the following errors: Oops: general protection fault, likely due to a non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nvme: fixed the SRCU protection for the nvmenshead list The process of walking the nvmenshead siblings list is protected by the head’s srcu in nvmensheadsubmitbio, but not in nvmempathrevalidatePaths. Removing namespaces from...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dm: A race condition in retrievedeps has been fixed. There is a race condition in the multipath target when retrievedeps interacts with multipathmessage. This race condition occurs when multipathmessage calls dmgetdevice and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect After the committed code below, if the MPC subflow is already in the TCPCLOSE status or has fallen back to TCP at the mptcpdisconnect time, mptcpdofastclose skips setting the sendfastclos...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fixed an out-of-bounds error during the parsing of TCP options. The TCP option parser in mptcp mptcpgetoptions could read one byte out of bounds. When the length of the option is 1, the execution flow enters a loop, reads...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint, the netlink PM traverses all local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP correspondin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: prevented BPF from accessing lowat from a subflow socket. Alexei reported the following error: WARNING: CPU: 32, PID: 3276; in net/mptcp/subflow.c, line 1430: subflowdataready+0x147/0x1c0. Linked modules: dummy, bpftestmod...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: The possibility of a Use-after-Free condition arises when selecting an endpoint. The functions selectlocaladdress and selectsignaladdress both select an endpoint from a list within the RCU-protected section. However,...