Linux Kernel MPTCP NULL Pointer Dereference Vulnerability in Fast Open Early Fallback

Vulnerability

A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation can lead to a NULL pointer dereference. The issue occurs in the fast open path when there is an early fallback to TCP. The subflow_syn_recv_sock() function deletes the subflow context before returning a newly allocated socket, and the fast open path does not handle this case, resulting in an unconditional dereference.
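
The pattern described above, as a simplified user-space model added for illustration. It is not kernel code and not the upstream fix. Every struct and function name in it is hypothetical, and the -1 "fell back to TCP" return value is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel objects; this is not kernel code. */
struct subflow_ctx { int fastopen_data_len; };
struct child_sock  { struct subflow_ctx *ctx; };

/* Models the behaviour the advisory attributes to subflow_syn_recv_sock(): on
 * early fallback the context is deleted, yet a valid new socket is returned. */
struct child_sock *model_syn_recv_sock(int fallback, int data_len)
{
    struct child_sock *sk = calloc(1, sizeof(*sk));
    if (!sk)
        return NULL;
    if (fallback)
        return sk;                      /* ctx stays NULL: context was dropped */
    sk->ctx = calloc(1, sizeof(*sk->ctx));
    if (!sk->ctx) { free(sk); return NULL; }
    sk->ctx->fastopen_data_len = data_len;
    return sk;
}

void model_sock_free(struct child_sock *sk)
{
    if (sk) { free(sk->ctx); free(sk); }
}

/* Unsafe shape: a non-NULL socket is taken to imply a non-NULL context. */
int fastopen_len_unchecked(const struct child_sock *sk)
{
    return sk->ctx->fastopen_data_len;  /* NULL dereference after fallback */
}

/* Defensive shape: a missing context means "fell back to TCP" (assumed -1). */
int fastopen_len_checked(const struct child_sock *sk)
{
    if (!sk || !sk->ctx)
        return -1;
    return sk->ctx->fastopen_data_len;
}

int main(void)
{
    struct child_sock *mptcp = model_syn_recv_sock(0, 64);  /* constructed input */
    struct child_sock *tcp = model_syn_recv_sock(1, 64);    /* early fallback */
    printf("mptcp=%d fallback=%d\n", fastopen_len_checked(mptcp), fastopen_len_checked(tcp));
    model_sock_free(mptcp);
    model_sock_free(tcp);
}
```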

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, which typically leads to a crash of the affected component or process.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 24, 2025, 3:50 PM
Updated: Dec 24, 2025, 3:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.