CVE Catalog

CVE-2026-46168

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the use of lock_sock_fast() in atomic context when setting timestamps. This change can lead to system panic due to scheduling while atomic.

Risk Assessment

Organizations may experience system crashes, leading to downtime and potential data loss. In particular, applications using multipath transport may be susceptible to performance issues.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability. Additionally, applications utilizing mptcp should be tested for stability post-update.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using lock_sock_fast() (atomic context) around sock_set_timestamp() and sock_set_timestamping() is unsafe, as both helpers can sleep. Replace lock_sock_fast() with sleepable lock_sock()/release_sock() to avoid scheduling while atomic panic.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS