Linux Kernel MPTCP Scheduling While Atomic Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Multipath TCP (MPTCP) implementation can lead to a 'scheduling while atomic' issue. This occurs when multiple connection requests try to create an implicit MPTCP endpoint simultaneously. The requests may interfere with each other by deleting address entries that were just created, leading to a race condition. The problem is exacerbated when an endpoint's external and internal addresses differ, causing parallel subflow SYNs that trigger the race during the initial local address list entry creation.

Impact

Exploitation of this vulnerability causes a race condition that can disrupt the proper handling of MPTCP connections, potentially leading to incorrect routing or management of network traffic.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel MPTCP Scheduling While Atomic Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating