Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id() and/or mptcp_pm_nl_is_backup() Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit() which is not RCU ready. list_splice_init_rcu() can not be called here while holding pernet->lock spinlock. Many thanks to Eulgyu Kim for providing a repro and testing our patches.

INFO

Published Date :

2026-02-14T16:01:32.139Z

Last Modified :

2026-04-03T13:32:08.297Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23169 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23169.

URL Resource
https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1 cve-icon cve-icon
https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c cve-icon cve-icon
https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555 cve-icon cve-icon
https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94 cve-icon cve-icon
https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb cve-icon cve-icon
https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026021420-CVE-2026-23169-38ea@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23169 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23169 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact