Description
In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: fix potential data-race

This mptcp_pm_add_timer() helper is executed as a timer callback in
softirq context. To avoid any data races, the socket lock needs to be
held with bh_lock_sock().

If the socket is in use, retry again soon after, similar to what is done
with the keepalive timer.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves a race condition in the Linux kernel’s mptcp_pm_add_timer helper, which runs as a timer callback in softirq context without acquiring the socket lock. This oversight can allow concurrent modification of socket data structures, leading to undefined behaviour that could manifest as denial of service or unexpected privilege escalation. The issued fix requires holding the socket lock via bh_lock_sock() before making changes, thus eliminating the race.

Affected Systems

Affected systems are Linux kernel deployments that lack the recent patch adding the bh_lock_sock() guard to the MPTCP timer logic. The vendor is Linux, but no specific version ranges or CPE version details are disclosed in the CVE data.

Risk and Exploitability

The CVSS and EPSS metrics are not provided, and the KEV status is listed as "not listed in KEV", so a quantified risk assessment is unavailable. Nevertheless, data‑race bugs in kernel code are regarded as serious because they can potentially allow privilege escalation or system instability. The most likely attack vector would involve local or privileged access that triggers the MPTCP timer routine, but no autonomous exploitation has been documented. System administrators should check whether their kernel builds include the patch and evaluate whether they expose the system to untrusted MPTCP traffic.

Generated by OpenCVE AI on May 28, 2026 at 12:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel release that includes the bh_lock_sock() protection in the mptcp_pm_add_timer helper (the patch series referenced by the provided commit URLs).
  • If an immediate kernel upgrade is not feasible, disable or limit MPTCP usage by configuring sysctl settings or applying network policies that prevent MPTCP traffic from reaching the kernel.
  • Monitor kernel logs for anomalies or repeated softirq invocations related to MPTCP and apply additional runtime checks or performance monitoring to detect potential race‑related instability.

Generated by OpenCVE AI on May 28, 2026 at 12:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_timer() helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bh_lock_sock(). If the socket is in use, retry again soon after, similar to what is done with the keepalive timer.
Title mptcp: pm: ADD_ADDR rtx: fix potential data-race
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:35:53.628Z

Reserved: 2026-05-13T15:03:33.100Z

Link: CVE-2026-46137

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:29.263

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46137

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T15:15:19Z

Weaknesses