23 matches found
CVE-2026-46158
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: always decrease sk refcount When an ADDADDR is retransmitted, the sk is held in skresettimer. It should then be released in all cases at the end. Some unlikely checks were returning directly instead of...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the ‘fullmesh’ flag. The code in mptcppmnlfullmesh expects to change it only on ‘subflow’ endpoints, to recreate more or less...
EUVD-2026-27811
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mptcp kernel path manager not always setting IDs as available when deleting endpoints, potentially...
EUVD-2026-15272
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...
CVE-2026-23321 mptcp: pm: in-kernel: always mark signal+subflow endp as used
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...
CVE-2026-23321 mptcp: pm: in-kernel: always mark signal+subflow endp as used
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...
PT-2026-27686
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.local addr used == 0 WARNING: net/mptcp/pm kernel.c:1071 at mark subflow en...
kernel: mptcp: pm: only mark 'subflow' endp as available
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...
SUSE CVE-2025-21706
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcppmnlfullmesh expects to change it only on 'subflow' endpoints, to recreate more or less...
CVE-2025-21706
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcppmnlfullmesh expects to change it only on 'subflow' endpoints, to recreate more or less...
DEBIAN-CVE-2025-21706
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcppmnlfullmesh expects to change it only on 'subflow' endpoints, to recreate more or less...
UBUNTU-CVE-2025-21706
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcppmnlfullmesh expects to change it only on 'subflow' endpoints, to recreate more or less...
CVE-2025-21706
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcppmnlfullmesh expects to change it only on 'subflow' endpoints, to recreate more or less...
CVE-2025-21706
CVE-2025-21706 is a Linux kernel vulnerability in the MPTCP path-manager. The in-kernel path-manager’s netlink set_flags path allowed non-subflow endpoints to receive the fullmesh flag due to a permissive hook, enabling an issue observed by syzbot warnings in net/mptcp/pm_netlink.c. The root caus...
CVE-2025-21706 mptcp: pm: only set fullmesh for subflow endp
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcppmnlfullmesh expects to change it only on 'subflow' endpoints, to recreate more or less...
SUSE CVE-2024-53122
In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcprcvspaceadjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg spooling data...
UBUNTU-CVE-2024-53122
In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcprcvspaceadjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg spooling data...
mptcp: pm: fix ID 0 endp usage after multiple re-creations
...
mptcp: pm: only decrement add_addr_accepted for MPJ req
...