CVE-2026-46158

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reference leak exists in the Multipath TCP (mptcp) path manager. When an ADD ADDR message is retransmitted, the socket (sk) is held in the sk reset timer() function. Certain execution paths returned directly without calling sock put() to decrease the reference count, leading to a potential memory leak that can degrade system performance over time.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.