CVE-2026-46158

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. When an ADDADDR message is retransmitted, a socket reference count may not be properly decreased, leading to a potential resource leak. Over time, this resource exhaustion could allow a remote attacker to cause a Denial of...

PT-2026-44281

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak exists in the Multipath TCP mptcp path manager. When an ADD ADDR message is retransmitted, the socket sk is held in the sk reset timer function. Certain execution paths...

PT-2026-30033

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a circular locking dependency within the rds tcp tune function. The sk net refcnt upgrade function is called while holding the socket lock, leading to a circula...

UBUNTU-CVE-2025-40258

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...

CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...

UBUNTU-CVE-2023-53489

In the Linux kernel, the following vulnerability has been resolved: tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. syzkaller reported 0 memory leaks of an UDP socket and ZEROCOPY skbs. We can reproduce the problem with these sequences: sk = socketAFINET, SOCKDGRAM, 0...

Linux Distros Unpatched Vulnerability : CVE-2025-38154

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sksocket after free when sending The sk-sksocket is not locked or...

Linux Distros Unpatched Vulnerability : CVE-2024-41006

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nrheartbeatexpiry syzbot reported a memory leak in nrcreate 0...

DEBIAN-CVE-2025-38154

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sksocket after free when sending The sk-sksocket is not locked or referenced in backlog thread, and during the call to skbsendsock, there is a race condition with the release of sksocket. All types of...

CVE-2024-54680

...

DEBIAN-CVE-2021-47294

In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 "netrom: switch to sock timer API" switched to use sock timer API. It replaces modtimer by skresettimer, and deltimer by skstoptimer. Function skresettime...

DEBIAN-CVE-2021-46973

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ulcallback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that MHI ulcallback may be called immediately after a skb has queued for transmission, causi...