Divide-by-Zero Vulnerability in Linux Kernel Affecting MultiPath TCP Functionality
CVE-2025-68291

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-68291?

A divide-by-zero vulnerability has been identified in the MultiPath TCP (MPTCP) implementation of the Linux kernel, which could lead to unexpected behavior during the fast close operation, specifically in the function mptcp_do_fastclose(). A report by syzbot indicated an occurrence of the issue during execution, necessitating the initialization of the rcv_mss variable to a safe minimum value before being utilized in the tcp_send_active_reset() call. This fix aims to enhance the stability and security of MPTCP operations, ensuring reliable performance and mitigating the risk of crashes.

Affected Version(s)

Linux f6fb2cbc91a81178dea23d463503b4525a76825d < 05f5e26d488cdc7abc2a826cf1071782d5a21203

Linux c4f7b0916b95fd2226e5ab98882482b08f52e1c0 < 88163f85d59b4164884df900ee171720fd26686b

Linux ae155060247be8dcae3802a95bd1bdf93ab3215d

References

https://git.kernel.org/stable/c/05f5e26d488cdc7abc2a826cf...

https://git.kernel.org/stable/c/88163f85d59b4164884df900e...

https://git.kernel.org/stable/c/f07f4ea53e22429c84b20832f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Dec 16, 2025

JSON