CVE-2026-46170

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: free sk if last

When an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer(),
and released at the end.

If at that moment, it was the last reference being held, the sk would
not be freed. sock_put() should then be called instead of __sock_put().

But that's not enough: if it is the last reference, sock_put() will call
sk_free(), which will end up calling sk_stop_timer_sync() on the same
timer, and waiting indefinitely to finish. So it is needed to mark that
the timer is done at the end of the timer handler when it has not been
rescheduled, not to call sk_stop_timer_sync() on 'itself'.

https://git.kernel.org/stable/c/8143a224785ceaf2b0856e08d44…

https://git.kernel.org/stable/c/8143a224785ceaf2b0856e08d4498916f38228fb

https://git.kernel.org/stable/c/b74ad20198652b6b39a761c277b…

https://git.kernel.org/stable/c/b74ad20198652b6b39a761c277ba65ae82b1e107

https://git.kernel.org/stable/c/b7b9a461569734d33d3259d58d2…

https://git.kernel.org/stable/c/b7b9a461569734d33d3259d58d2507adfac107ed

CVE-2026-46170

Description

Iscriviti alla newsletter