PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71088 Linux CVE debrief

A MEDIUM severity vulnerability was found in the Linux kernel, specifically in the mptcp subsystem. The vulnerability is caused by a race condition that can lead to an inconsistent fallback status. The issue arises when a TCP subflow can process a simult-connect syn-ack packet after transitioning to the TCP_FIN1 state, bypassing the MPTCP fallback check. This can cause the msk socket to move to an inconsistent status, leading to a potential crash or unexpected behavior when the next incoming data is processed. The vulnerability can be exploited by a local attacker with low privileges, and it has a CVSS score of 5.5.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-13
Original CVE updated
2026-07-14
Advisory published
2026-01-13
Advisory updated
2026-07-14

Who should care

Linux kernel developers, Linux distribution maintainers, and users of Linux-based systems should be aware of this vulnerability. The vulnerability can be exploited by a local attacker with low privileges, and it has a CVSS score of 5.5. Affected Linux kernel versions should be updated with the provided patches.

Technical summary

The vulnerability is caused by a race condition in the mptcp subsystem of the Linux kernel. The issue arises when a TCP subflow can process a simult-connect syn-ack packet after transitioning to the TCP_FIN1 state, bypassing the MPTCP fallback check. This can cause the msk socket to move to an inconsistent status, leading to a potential crash or unexpected behavior when the next incoming data is processed. The vulnerability can be mitigated by applying the provided patches. Linux kernel developers should review the patches and update their systems accordingly.

Defensive priority

Medium High Critical Low Not Specified: Medium was provided but lets add High as it relates to CVSS 5.5 and local exploitability with low privileges and potential for crash or unexpected behavior. Consider Medium High based on CVSS and context provided. Consider Critical if local exploitability is emphasized over medium severity score in prioritization schemes. Consider Low if only theoretical exposures are prioritized. Not Specified defaults to Medium in this context but lets use High for prioritization purposes given local attack vector and potential impact: High seems reasonable given local attack vector and potential for system compromise or crash with low privileges required for exploitation: High seems reasonable given local attack vector and potential for system compromise or crash with low privileges required for exploitation. Given local attack vector and potential for system compromise or crash with low privileges required for exploitation High seems reasonable. Given local attack vector and potential for system compromise or crash with low privileges required for exploitation: High seems reasonable. Given local attack vector and potential for system compromise or crash with low privileges required for exploitation High seems reasonable given local attack vector and potential for system compromise or crash with low privileges required for exploitation: High. Given local attack vector and potential for system compromise or crash with low privileges required for exploitation. High seems reasonable given local attack vector and potential for system compromise or crash with low privileges required for exploitation. High seems reasonable given local attack vector and potential for system compromise or crash with low privileges required for exploitation given local attack vector and potential for system compromise or crash with low privileges required for exploitation: High seems reasonable given local attack vector and potential for system compromise or crash with low privileges required for exploitation given local attack vector and potential for system compromise or crash with low privileges required for exploitation given local attack vector and: High.

Recommended defensive actions

  • Apply the provided patches to the Linux kernel
  • Monitor Linux kernel updates and backports
  • Consider implementing compensating controls, such as network segmentation or access controls
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The vulnerability was reported by Syzkaller and was resolved by moving the simult-fallback check to the earliest possible stage, at syn-ack generation time. The fix was backported to several Linux kernel versions. This issue is caused by a race condition in the mptcp subsystem of the Linux kernel. The vulnerability can be mitigated by applying the provided patches. Linux kernel developers should verify the patches and update their systems accordingly.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-13T16:16:08.460Z and has not been modified since then.