Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-43198
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-06 May, 2026 | 11:28
Updated At-08 May, 2026 | 12:41
Rejected At-
▼CVE Numbering Authority (CNA)
tcp: fix potential race in tcp_v6_syn_recv_sock()

In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done too late. After tcp_v4_syn_recv_sock(), the child socket is already visible from TCP ehash table and other cpus might use it. Since newinet->pinet6 is still pointing to the listener ipv6_pinfo bad things can happen as syzbot found. Move the problematic code in tcp_v6_mapped_child_init() and call this new helper from tcp_v4_syn_recv_sock() before the ehash insertion. This allows the removal of one tcp_sync_mss(), since tcp_v4_syn_recv_sock() will call it with the correct context.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/inet_connection_sock.h
  • include/net/tcp.h
  • net/ipv4/syncookies.c
  • net/ipv4/tcp_fastopen.c
  • net/ipv4/tcp_ipv4.c
  • net/ipv4/tcp_minisocks.c
  • net/ipv6/tcp_ipv6.c
  • net/mptcp/subflow.c
  • net/smc/af_smc.c
Default Status
unaffected
Versions
Affected
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before fe89b2f05b854847784f91127319172945c1fadd (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7178e2a8027423b2af17ab95df73a749a5b72e5b (git)
  • From 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 858d2a4f67ff69e645a43487ef7ea7f28f06deae (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/inet_connection_sock.h
  • include/net/tcp.h
  • net/ipv4/syncookies.c
  • net/ipv4/tcp_fastopen.c
  • net/ipv4/tcp_ipv4.c
  • net/ipv4/tcp_minisocks.c
  • net/ipv6/tcp_ipv6.c
  • net/mptcp/subflow.c
  • net/smc/af_smc.c
Default Status
affected
Versions
Affected
  • 2.6.12
Unaffected
  • From 0 before 2.6.12 (semver)
  • From 6.18.16 through 6.18.* (semver)
  • From 6.19.6 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd
N/A
https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b
N/A
https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae
N/A
Hyperlink: https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae
Resource: N/A
Details not found