mptcp

The Linux kernel bug tracked as CVE-2024-45009 is a medium‑severity defect in the kernel’s Multipath TCP (MPTCP) path manager that can lead to incorrect counter handling during subflow removal. Microsoft’s public advisory language names Azure Linux as a product that “includes this open‑source...

CVE-2024-44974 is a Linux‑kernel Multipath TCP (MPTCP) use‑after‑free (UaF) defect in the MPTCP path manager that was fixed upstream in 2024 — and Microsoft’s public advisory language naming Azure Linux as a product that “includes this open‑source library and is therefore potentially affected”...

The Linux kernel patch for CVE-2025-23145 fixes a subtle but real NULL-pointer dereference in the Multipath TCP (MPTCP) code — a bug that can cause kernel panics and availability outages on systems whose kernels include MPTCP support. Microsoft’s public advisory language that “Azure Linux...

The Linux kernel received a targeted fix for CVE‑2025‑68227 — a subtle MPTCP (Multipath TCP) interaction with the sockmap/BPF subsystems that could cause incorrect protocol fallback handling and an associated kernel warning — and operators should treat it as a correctness/robustness patch that...

A recently disclosed race condition in the Linux kernel’s Multipath TCP (MPTCP) code — tracked as CVE‑2025‑40257 — can lead to a slab-use-after-free while deleting a timer, and upstream maintainers have patched the bug by adding RCU protection and clarifying the timer logic; operators should...

A subtle ordering bug in the Linux kernel’s Multipath TCP (MPTCP) implementation has been fixed after a syzbot report exposed a race that can lead to a use‑after‑free in mptcp_schedule_work. The upstream remedy is small and surgical — reordering reference‑count operations so the socket reference...