CVE-2026-43198

UNKNOWN 0.0

tcp: fix potential race in tcp_v6_syn_recv_sock()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done too late. After tcp_v4_syn_recv_sock(), the child socket is already visible from TCP ehash table and other cpus might use it. Since newinet->pinet6 is still pointing to the listener ipv6_pinfo bad things can happen as syzbot found. Move the problematic code in tcp_v6_mapped_child_init() and call this new helper from tcp_v4_syn_recv_sock() before the ehash insertion. This allows the removal of one tcp_sync_mss(), since tcp_v4_syn_recv_sock() will call it with the correct context.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 6, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fe89b2f05b854847784f91127319172945c1fadd 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7178e2a8027423b2af17ab95df73a749a5b72e5b 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 858d2a4f67ff69e645a43487ef7ea7f28f06deae

Linux / Linux

2.6.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd git.kernel.org: https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b git.kernel.org: https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae