CVE-2026-45889

medium Red Hat
EPSS Score
0.0%
Exploitation probability in 30 days
Top 96% most likely to be exploited
Published: May 27, 2026 (44 days ago)
Last Modified: May 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the Linux kernel's Multipath TCP (MPTCP) implementation. This vulnerability occurs due to incorrect accounting for out-of-order (OoO) data in the `mptcp_rcvbuf_grow()` function. A subtle and very unlikely race condition could lead to a divide-by-zero error, potentially causing a system crash (Denial of Service).

CWE

CWE-369

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References