CVE-2026-23169

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23169
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23169.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23169
Downstream
Related
Published
2026-02-14T16:01:32.139Z
Modified
2026-03-28T17:44:16.624855760Z
Summary
mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
Details

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix race in mptcppmnlflushaddrs_doit()

syzbot and Eulgyu Kim reported crashes in mptcppmnlgetlocalid() and/or mptcppmnlis_backup()

Root cause is listspliceinit() in mptcppmnlflushaddrs_doit() which is not RCU ready.

listspliceinit_rcu() can not be called here while holding pernet->lock spinlock.

Many thanks to Eulgyu Kim for providing a repro and testing our patches.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23169.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
141694df6573b49aa4143c92556544b4b0bbda72
Fixed
338d40bab283da2639780ee3e458fb61f1567d8c
Fixed
7896dbe990d56d5bb8097863b2645355633665eb
Fixed
455e882192c9833f176f3fbbbb2f036b6c5bf555
Fixed
51223bdd0f60b06cfc7f25885c4d4be917adba94
Fixed
1f1b9523527df02685dde603f20ff6e603d8e4a1
Fixed
e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23169.json"