MPTCP Deadlock Issue in Linux Kernel
CVE-2025-71126
What is CVE-2025-71126?
A vulnerability exists in the Linux Kernel related to multipath TCP (MPTCP), where the absence of appropriate locking mechanisms can lead to a deadlock condition during fallback scenarios. This occurs when an MPTCP connection attempts to acquire a fallback lock while it is already holding that same lock, resulting in potential recursive locking. The issue is compounded when a packet scheduler tries to reinject packets after receiving an MP_FAIL, as it may attempt to do this atomically from the critical fallback section, risking another lock acquisition that could lead to a deadlock. Proper handling of locks during these operations is crucial to prevent such scenarios.
Affected Version(s)
Linux 5586518bec27666c747cd52aabb62d485686d0bf < 0107442e82c0f8d6010e07e6030741c59c520d6e
Linux 75a4c9ab8a7af0d76b31ccd1188ed178c38b35d2 < 252892d5a6a2f163ce18f32716e46fa4da7d4e79
Linux 54999dea879fecb761225e28f274b40662918c30 < 0ca9fb4335e726dab4f23b3bfe87271d8f005f41