CVE-2026-46170

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD ADDR rtx: free sk if last

When an ADD ADDR is retransmitted, the sk is held in sk reset timer(), and released at the end.

If at that moment, it was the last reference being held, the sk would not be freed. sock put() should then be called instead of sock put().

But that's not enough: if it is the last reference, sock put() will call sk free(), which will end up calling sk stop timer sync() on the same timer, and waiting indefinitely to finish. So it is needed to mark that the timer is done at the end of the timer handler when it has not been rescheduled, not to call sk stop timer sync() on "itself".