cve-2026-31669
About this tag
CVE-2026-31669 is a Linux kernel vulnerability in Multipath TCP (MPTCP) affecting the IPv6 subflow path. The flaw arises from an initialization-order mistake: child sockets are allocated from a generic kmalloc cache, which lacks SLAB_TYPESAFE_BY_RCU protection, instead of the expected TCPv6 slab cache. This allows concurrent lockless lookups to access freed and reused memory, leading to a use-after-free condition. For WindowsForum readers, the relevance lies in understanding how such kernel-level memory safety issues can impact cross-platform networking stacks, especially in environments where Windows systems interact with Linux-based network infrastructure. The vulnerability highlights the importance of proper slab cache allocation and RCU protection in kernel networking code.
CVE-2026-31669 is a newly published Linux kernel vulnerability that exposes how a small initialization-order mistake can undermine one of the kernel networking stack’s most delicate memory-safety assumptions. The flaw sits in Multipath TCP, specifically the IPv6 subflow path, where child sockets...