PatchSiren cyber security CVE debrief
CVE-2026-23321 Linux CVE debrief
A MEDIUM severity vulnerability was found in the Linux kernel, with a CVSS score of 5.5. The vulnerability is related to the MPTCP (Multipath TCP) protocol and can be triggered by a series of actions that cause a warning to be generated. The actions that can trigger the warning are: setting the MPTCP subflows limit to 0, creating an MPTCP endpoint with both the 'signal' and 'subflow' flags, creating a new MPTCP connection from a different address, and removing the MPTCP endpoint. This vulnerability affects Linux kernel users and administrators, especially those using kernel versions 6.1.106 to 6.1.167, 6.6.46 to 6.6.130, 6.10.5 to 6.11, 6.11.1 to 6.12.78, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users and administrators should be aware of this vulnerability, especially those using kernel versions 6.1.106 to 6.1.167, 6.6.46 to 6.6.130, 6.10.5 to 6.11, 6.11.1 to 6.12.78, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7. They should verify their kernel versions and apply patches or updates to mitigate the vulnerability.
Technical summary
The vulnerability is caused by a combination of actions that can generate a warning in the MPTCP protocol. The actions that can trigger the warning are: setting the MPTCP subflows limit to 0, creating an MPTCP endpoint with both the 'signal' and 'subflow' flags, creating a new MPTCP connection from a different address, and removing the MPTCP endpoint. The fix is available in kernel versions that have applied the patches. Linux kernel users should verify their kernel versions and apply the patches or update to a fixed version.
Defensive priority
Medium priority should be given to patching this vulnerability, as it can be triggered by a series of actions and has a MEDIUM severity score.
Recommended defensive actions
- Apply patches provided by the Linux kernel maintainers
- Update to a kernel version that includes the fix
- Monitor for potential exploitation attempts
- Implement compensating controls to mitigate the vulnerability
- Review and adjust MPTCP subflows limit and endpoint configurations
- Verify kernel versions and apply patches or updates
- Track exceptions and retest remediated assets
Evidence notes
The vulnerability was resolved by marking signal+subflow endpoints as used in the Linux kernel. The fix is available in kernel versions that have applied the patches. Linux kernel users should verify their kernel versions and apply the patches or update to a fixed version. Evidence is limited to public CVE details and supplied advisory text.
Official resources
-
CVE-2026-23321 CVE record
CVE.org
-
CVE-2026-23321 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:28.900Z and has not been modified since then.