9.8

CVE-2026-46137

mptcp: pm: ADD_ADDR rtx: fix potential data-race

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: fix potential data-race

This mptcp_pm_add_timer() helper is executed as a timer callback in
softirq context. To avoid any data races, the socket lock needs to be
held with bh_lock_sock().

If the socket is in use, retry again soon after, similar to what is done
with the keepalive timer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.10.259
LinuxLinux Kernel Version >= 5.11 < 5.15.210
LinuxLinux Kernel Version >= 5.16 < 6.1.176
LinuxLinux Kernel Version >= 6.2 < 6.6.141
LinuxLinux Kernel Version >= 6.7 < 6.12.91
LinuxLinux Kernel Version >= 6.13 < 6.18.30
LinuxLinux Kernel Version >= 6.19 < 7.0.7
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.341
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/013dcdc1961543b9a3433466bc8c79a2f4ca75b5
Patch
https://git.kernel.org/stable/c/6e4710d7d8782cb61af29a7e7111ddfc38b9e1a3
Patch
https://git.kernel.org/stable/c/2ad56e434199ca24a812bb353667aa1c3860f513
Patch
https://git.kernel.org/stable/c/cc3c0399361efaaf7ae64262eb3f70829b1189c6
Patch
https://git.kernel.org/stable/c/5cd6e0ad79d2615264f63929f8b457ad97ae550d
Patch
https://git.kernel.org/stable/c/23079e0b7742ec114d3507c3e3aad01b7b69e4af
Patch
https://git.kernel.org/stable/c/b35605e1f1e877038c8c9d499babbc891cdd234f
Patch
https://git.kernel.org/stable/c/d9b272a85fe6b8f993e37915311e4038c814a533
Patch