CVE-2025-71088

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to MPTCP (Multipath TCP). A race condition exists in the handling of simultaneous connection synchronization-acknowledgment (syn-ack) packets, potentially leading to an inconsistent fallback status. Specifically, the TCP subflow can process the syn-ack packet after transitioning to the TCP FIN1 state, bypassing the MPTCP fallback check because the sk state change() callback is not invoked for transitions to FIN WAIT1. This can result in the socket entering an inconsistent state, and subsequent incoming data may trigger a system crash. The issue is addressed by moving the simult-fallback check to an earlier stage, specifically at syn-ack generation time. Fixes [1], [2], and [3] are related to resolving this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.