Multipath TCP Context Reset Vulnerability in Linux Kernel
CVE-2025-71144

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 14 January 2026

What is CVE-2025-71144?

This vulnerability occurs in the Linux Kernel's Multipath TCP (MPTCP) implementation. It is due to the failure to reset the subflow context upon disconnection, particularly when the MPC subflow status is in TCP_CLOSE or has reverted to TCP during the disconnect process. As a result, any subsequent connections may start with incorrect flags, potentially leading to unexpected behaviors and system instability. Addressing this issue requires handling the fastclosing flag appropriately during the fast close process to avoid further complications related to subflow states.

Affected Version(s)

Linux 3a13454fd098ed51e733958488f8ec62859a9ed8 < 5c7c7135468f3fc6379cde9777a2c18bfe92d82f

Linux f6fb2cbc91a81178dea23d463503b4525a76825d < 1c7c3a9314d8a7fc0e9a508606466a967c8e774a

Linux ae155060247be8dcae3802a95bd1bdf93ab3215d

References

https://git.kernel.org/stable/c/5c7c7135468f3fc6379cde977...

https://git.kernel.org/stable/c/1c7c3a9314d8a7fc0e9a50860...

https://git.kernel.org/stable/c/f1a77dfc3b045c3dd5f6e6418...

Timeline

Vulnerability published
Jan 14, 2026
Vulnerability Reserved
Jan 13, 2026

JSON