3 matches found
CVE-2026-45889
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
CVE-2026-45889
Summary: CVE-2026-45889 affects the Linux kernel’s Multipath TCP (MPTCP). The root cause is incorrect accounting for Out-of-Order (OoO) data in mptcp_rcvbuf_grow(), causing the MPTCP receive buffer to drift toward tcp_rmem[2]. The vulnerability is linked to a subtle race during rcvspace initializ...
CVE-2026-45889 mptcp: do not account for OoO in mptcp_rcvbuf_grow()
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...