CVE-2026-45889

UNKNOWN 0.0

mptcp: do not account for OoO in mptcp_rcvbuf_grow()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcp_rcvbuf_grow() MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcp_rcvbuf_grow() causes the rcvbuf slowly drifting towards tcp_rmem[2]. Remove such accounting. Note that subflows will still account for TCP-level OoO when the MPTCP-level rcvbuf is propagated. This also closes a subtle and very unlikely race condition with rcvspace init; active sockets with user-space holding the msk-level socket lock, could complete such initialization in the receive callback, after that the first OoO data reaches the rcvbuf and potentially triggering a divide by zero Oops.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 27, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

e118cdc34dd109562b64f6a397f68cd33b041d5b < fb7bf00b04a6b48859f52035d4e745848c2b4c79 e118cdc34dd109562b64f6a397f68cd33b041d5b < 400ee4854adef1e4983812a3decf6717ea020136 e118cdc34dd109562b64f6a397f68cd33b041d5b < 6b329393502e5857662b851a13f947209c588587

Linux / Linux

6.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/fb7bf00b04a6b48859f52035d4e745848c2b4c79 git.kernel.org: https://git.kernel.org/stable/c/400ee4854adef1e4983812a3decf6717ea020136 git.kernel.org: https://git.kernel.org/stable/c/6b329393502e5857662b851a13f947209c588587