Memory Management Flaw in Linux Kernel Affects MPTCP Subflow
CVE-2026-31669

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31669?

A memory management vulnerability has been identified in the Linux kernel, specifically impacting the MultiPath TCP (MPTCP) subflow mechanism. The flaw arises from improper initialization of the tcpv6_prot_override structure, which leads to child sockets being allocated via a memory cache lacking necessary safety protocols. This oversight can cause freed memory to be accessed during concurrent operations, resulting in potential stability issues and exposure to exploitation through slab-use-after-free scenarios. The issue has been addressed by implementing a separate initialization function to ensure correct memory handling during protocol setup, thereby securing the integrity of socket memory during operation.

Affected Version(s)

Linux b19bc2945b40b9fd38e835700907ffe8534ef0de

Linux b19bc2945b40b9fd38e835700907ffe8534ef0de < 3fd6547f5b8ac99687be6d937a0321efda760597

References

https://git.kernel.org/stable/c/f6e1f25fa5e733570f6d6fe37...

https://git.kernel.org/stable/c/fb1f54b7d16f393b8b65d3284...

https://git.kernel.org/stable/c/3fd6547f5b8ac99687be6d937...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31669 Data

JSON