CVE-2026-23169

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the mptcp pm nl flush addrs doit() function within the Linux kernel’s MPTCP implementation. This issue stems from the use of list splice init() which is not RCU ready, leading to potential crashes reported by syzbot and Eulgyu Kim in functions such as mptcp pm nl get local id() and mptcp pm nl is backup(). The root cause is the improper use of list splice init rcu() while holding a spinlock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2026-23169

ECHO-816A-534A-9EA7

OESA-2026-1760

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21255-1

SUSE-SU-2026:21284-1

Affected Products

Linux Kernel

CVE-2026-23169

Weakness Enumeration

Related Identifiers

Affected Products

References · 697