CVE-2026-46137
Last modified
CVE-2026-46137 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_timer() helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bh_lock_sock(). If the socket is in use, retry again soon after, similar to what is done with the keepalive timer.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_timer() helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bh_lock_sock(). If the socket is in use, retry again soon after, similar to what is done with the keepalive timer.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | >= 5.10, < 5.10.259 | — |
| Linux | Linux Kernel | >= 5.11, < 5.15.210 | — |
| Linux | Linux Kernel | >= 5.16, < 6.1.176 | — |
| Linux | Linux Kernel | >= 6.2, < 6.6.141 | — |
| Linux | Linux Kernel | >= 6.7, < 6.12.91 | — |
| Linux | Linux Kernel | >= 6.13, < 6.18.30 | — |
| Linux | Linux Kernel | >= 6.19, < 7.0.7 | — |
| Linux | Linux Kernel | 7.1 | Rc1 |
References
Timeline
- Published
- Last Modified
- Status
- Undergoing Analysis
Frequently Asked Questions
What is CVE-2026-46137?
How severe is CVE-2026-46137?
How do I fix CVE-2026-46137?
Are you affected by CVE-2026-46137?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST