CVE-2026-23169

N/A Unknown

📋 TL;DR

A race condition vulnerability in the Linux kernel's MPTCP subsystem allows concurrent access to network address lists without proper RCU synchronization. This affects Linux systems with MPTCP enabled, potentially causing kernel crashes or denial of service. The vulnerability is in the mptcp_pm_nl_flush_addrs_doit() function.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact range)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if MPTCP subsystem is enabled and in use. Many distributions disable MPTCP by default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot.

🟠 Likely Case: System instability, kernel crashes, or service disruption affecting MPTCP connections.

🟢 If Mitigated: Minimal impact if MPTCP is disabled or systems are patched; isolated crashes in MPTCP subsystem only.

🌐 Internet-Facing: MEDIUM - Exploitation requires MPTCP connectivity but could be triggered remotely via network operations.
🏢 Internal Only: MEDIUM - Internal systems with MPTCP enabled are vulnerable to crashes from network operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the race condition through MPTCP operations. No public exploit available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 1f1b9523527df02685dde603f20ff6e603d8e4a1 and e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d

Vendor Advisory: https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1

Restart Required: Yes

Instructions:

  1. Update Linux kernel to patched version from your distribution vendor.
  2. Reboot system to load new kernel.
  3. Verify MPTCP functionality if required.

🔧 Temporary Workarounds

Disable MPTCP

Linux

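Disable the MPTCP subsystem if it is not required for functionality.

# Either command sets the same runtime switch (run as root).
# The change is not persistent across reboots.
echo 0 > /proc/sys/net/mptcp/enabled
sysctl -w net.mptcp.enabled=0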

🧯 If You Can't Patch

  • Disable MPTCP subsystem using sysctl or kernel boot parameters
  • Restrict MPTCP usage to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check if MPTCP is enabled: cat /proc/sys/net/mptcp/enabled. If it returns 1, check the kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and MPTCP functions without crashes during address operations.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • MPTCP subsystem crash messages in dmesg
  • System reboots without clear cause

Network Indicators:

  • MPTCP connection failures
  • Unexpected network service disruptions

SIEM Query:

Search for kernel panic events or MPTCP-related crash messages in system logs
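
As an added example (not part of this advisory and not vendor tooling), the log search described under Log Indicators and SIEM Query can be approximated with a small shell filter that groups kernel crash reports and prints only those referencing an mptcp_* symbol. The crash-header patterns, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag kernel crash reports (dmesg or `journalctl -k` text on
# stdin) that reference an mptcp_* symbol. One output line per matching report.
scan_mptcp_crashes() {
    awk '
    function emit() {
        if (inrep && sym != "") print "MPTCP-related crash: " sym " | " hdr
        inrep = 0
    }
    # Lines that commonly open a kernel crash report.
    /Kernel panic - not syncing|BUG: |Oops: |general protection fault/ {
        emit(); inrep = 1; hdr = $0; sym = ""
    }
    # Remember the first mptcp_* symbol inside the open report (header included).
    inrep && sym == "" && match($0, /mptcp_[a-z0-9_]+/) {
        sym = substr($0, RSTART, RLENGTH)
    }
    # The end-trace marker closes the report.
    inrep && /---\[ end trace/ { emit() }
    END { emit() }
    '
}

# Constructed sample log for the demo; not a real crash signature for this CVE.
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  101.000002] Call Trace:
[  101.000003]  ext4_file_write_iter+0x10/0x20
[  101.000004] ---[ end trace 0000000000000000 ]---
[  202.000001] general protection fault, probably for non-canonical address
[  202.000002] RIP: 0010:mptcp_pm_nl_flush_addrs_doit+0x1a/0x90
[  202.000003] Call Trace:
[  202.000004]  genl_family_rcv_msg_doit+0x10/0x20
[  202.000005] ---[ end trace 0000000000000000 ]---
[  303.000001] constructed benign line naming mptcp_pm outside any crash report
EOF
}

# Demo run on the constructed sample; on a host use: dmesg | scan_mptcp_crashes
sample_log | scan_mptcp_crashes
```

Grouping by report keeps ordinary MPTCP informational messages and unrelated crashes out of the results, so a hit means an MPTCP symbol appeared inside an actual crash report.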
