CVE-2026-46137

Source
https://cve.org/CVERecord?id=CVE-2026-46137
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46137.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46137
Downstream
Related
Published
2026-05-28T09:35:53.628Z
Modified
2026-06-26T11:56:56.300425831Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
mptcp: pm: ADD_ADDR rtx: fix potential data-race
Details

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: fix potential data-race

This mptcppmaddtimer() helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlock_sock().

If the socket is in use, retry again soon after, similar to what is done with the keepalive timer.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46137.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
00cfd77b9063dcdf3628a7087faba60de85a9cc8
Fixed
d9b272a85fe6b8f993e37915311e4038c814a533
Fixed
23079e0b7742ec114d3507c3e3aad01b7b69e4af
Fixed
b35605e1f1e877038c8c9d499babbc891cdd234f
Fixed
013dcdc1961543b9a3433466bc8c79a2f4ca75b5
Fixed
6e4710d7d8782cb61af29a7e7111ddfc38b9e1a3
Fixed
2ad56e434199ca24a812bb353667aa1c3860f513
Fixed
cc3c0399361efaaf7ae64262eb3f70829b1189c6
Fixed
5cd6e0ad79d2615264f63929f8b457ad97ae550d

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46137.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.10.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46137.json"