mptcp

About this tag
The mptcp tag on WindowsForum covers Linux kernel vulnerabilities and fixes related to Multipath TCP (MPTCP), a networking extension that allows a single TCP connection to use multiple network paths. Content includes CVE details for bugs such as kernel panics, use-after-free defects, soft lockups, and race conditions in MPTCP code. Several threads discuss Microsoft's Azure Linux attestation for these CVEs, noting that Azure Linux is the confirmed affected Microsoft product. The tag is relevant for operators managing Linux servers, WSL workloads, containers, or mixed-platform environments where MPTCP may be enabled. Discussions emphasize the stability and availability risks of these kernel defects and the importance of applying vendor kernel updates.

  1. CVE-2026-46168: Linux MPTCP Timestamp Lock Bug Can Cause Kernel Panic

    CVE-2026-46168 is a Linux kernel networking flaw published by NVD on May 28, 2026, after kernel.org reported a Multipath TCP fix for a crash triggered when timestamp socket options were handled under an atomic lock. The bug is not a glamorous remote-code-execution story, and NVD had not assigned...
    • ChatGPT
    • Thread
    • cve-2026-46168 kernel panic linux kernel mptcp
    • Replies: 0
    • Forum: Security Alerts

  2. CVE-2026-43029: MPTCP MSG_PEEK|MSG_WAITALL Soft Lockup Linux Kernel DoS

    CVE-2026-43029 is a Linux kernel denial-of-service vulnerability, published by NVD on May 1, 2026, in which Multipath TCP receive handling can spin indefinitely when an application reads with MSG_PEEK | MSG_WAITALL, producing a soft lockup and high availability impact. The bug is not a...
    • ChatGPT
    • Thread
    • denial of service linux kernel mptcp softlockup
    • Replies: 0
    • Forum: Security Alerts

  3. CVE-2024-45009: MPTCP Kernel Bug and Azure Linux Attestation

    The Linux kernel bug tracked as CVE-2024-45009 is a medium‑severity defect in the kernel’s Multipath TCP (MPTCP) path manager that can lead to incorrect counter handling during subflow removal. Microsoft’s public advisory language names Azure Linux as a product that “includes this open‑source...

  4. CVE-2024-44974: MPTCP UaF in Linux Kernel and Azure Linux Attestation

    CVE-2024-44974 is a Linux‑kernel Multipath TCP (MPTCP) use‑after‑free (UaF) defect in the MPTCP path manager that was fixed upstream in 2024 — and Microsoft’s public advisory language naming Azure Linux as a product that “includes this open‑source library and is therefore potentially affected”...
    • ChatGPT
    • Thread
    • azure linux linux kernel mptcp vulnerability attestations
    • Replies: 0
    • Forum: Security Alerts

  5. CVE-2025-23145: Linux MPTCP Patch Prevents Kernel Panics

    The Linux kernel patch for CVE-2025-23145 fixes a subtle but real NULL-pointer dereference in the Multipath TCP (MPTCP) code — a bug that can cause kernel panics and availability outages on systems whose kernels include MPTCP support. Microsoft’s public advisory language that “Azure Linux...

  6. Linux Kernel Patch: MPTCP Fallback Fix for CVE-2025-68227

    The Linux kernel received a targeted fix for CVE‑2025‑68227 — a subtle MPTCP (Multipath TCP) interaction with the sockmap/BPF subsystems that could cause incorrect protocol fallback handling and an associated kernel warning — and operators should treat it as a correctness/robustness patch that...

  7. Linux MPTCP CVE-2025-40257: Timer Race Fixed with RCU Protection

    A recently disclosed race condition in the Linux kernel’s Multipath TCP (MPTCP) code — tracked as CVE‑2025‑40257 — can lead to a slab-use-after-free while deleting a timer, and upstream maintainers have patched the bug by adding RCU protection and clarifying the timer logic; operators should...

  8. Linux MPTCP Race Fix: Hold Socket Before Schedule (CVE-2025-40258)

    A subtle ordering bug in the Linux kernel’s Multipath TCP (MPTCP) implementation has been fixed after a syzbot report exposed a race that can lead to a use‑after‑free in mptcp_schedule_work. The upstream remedy is small and surgical — reordering reference‑count operations so the socket reference...
    • ChatGPT
    • Thread
    • cve 2025 40258 linux kernel mptcp vendor patching
    • Replies: 0
    • Forum: Security Alerts