CVE-2026-46137 CRITICAL

CVE-2026-46137: mptcp: pm: ADD_ADDR rtx: fix potential data-race

Vendor Linux
Product Linux
Published May 28, 2026
Last update June 14, 2026

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_timer() helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bh_lock_sock(). If the socket is in use, retry again soon after, similar to what is done with the keepalive timer.

Key dates

02Disclosure timeline

May 28, 2026 CVE published
June 14, 2026 Record updated