Soft Lockup Vulnerability in Linux Kernel's MPTCP Protocol
CVE-2026-43029

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43029?

A vulnerability exists in the Linux kernel's MPTCP protocol that can lead to a soft lockup condition during data reception when specific flags are used. The issue arises when utilizing MSG_PEEK and MSG_WAITALL flags, preventing proper removal of the socket buffer from the receive queue. This oversight causes sk_wait_data to continuously find available data, leading to a state where actual waiting cannot occur, thus resulting in a soft lockup. A fix has been implemented to add a parameter that assists in managing socket buffers more effectively, thereby preventing infinite loops and ensuring smoother operations during data handling.

Affected Version(s)

Linux 8e04ce45a8db7a080220e86e249198fa676b83dc < 58b58b9ba89c43914eea90c18928e51852d10c24

Linux 8e04ce45a8db7a080220e86e249198fa676b83dc

Linux 8e04ce45a8db7a080220e86e249198fa676b83dc < 5dd8025a49c268ab6b94d978532af3ad341132a7

References

https://git.kernel.org/stable/c/58b58b9ba89c43914eea90c18...

https://git.kernel.org/stable/c/de3c248d1b69eaefa2d5b3da4...

https://git.kernel.org/stable/c/5dd8025a49c268ab6b94d9785...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43029 Data

JSON