PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23321 Linux CVE debrief

A MEDIUM severity vulnerability was found in the Linux kernel, with a CVSS score of 5.5. The vulnerability is related to the MPTCP (Multipath TCP) protocol and can be triggered by a series of actions that cause a warning to be generated. The actions that can trigger the warning are: setting the MPTCP subflows limit to 0, creating an MPTCP endpoint with both the 'signal' and 'subflow' flags, creating a new MPTCP connection from a different address, and removing the MPTCP endpoint. This vulnerability affects Linux kernel users and administrators, especially those using kernel versions 6.1.106 to 6.1.167, 6.6.46 to 6.6.130, 6.10.5 to 6.11, 6.11.1 to 6.12.78, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-07-14
Advisory published
2026-03-25
Advisory updated
2026-07-14

Who should care

Linux kernel users and administrators should be aware of this vulnerability, especially those using kernel versions 6.1.106 to 6.1.167, 6.6.46 to 6.6.130, 6.10.5 to 6.11, 6.11.1 to 6.12.78, 6.13 to 6.18.17, 6.19 to 6.19.7, and 7.0 rc1 to rc7. They should verify their kernel versions and apply patches or updates to mitigate the vulnerability.

Technical summary

The vulnerability is caused by a combination of actions that can generate a warning in the MPTCP protocol. The actions that can trigger the warning are: setting the MPTCP subflows limit to 0, creating an MPTCP endpoint with both the 'signal' and 'subflow' flags, creating a new MPTCP connection from a different address, and removing the MPTCP endpoint. The fix is available in kernel versions that have applied the patches. Linux kernel users should verify their kernel versions and apply the patches or update to a fixed version.

Defensive priority

Medium priority should be given to patching this vulnerability, as it can be triggered by a series of actions and has a MEDIUM severity score.

Recommended defensive actions

  • Apply patches provided by the Linux kernel maintainers
  • Update to a kernel version that includes the fix
  • Monitor for potential exploitation attempts
  • Implement compensating controls to mitigate the vulnerability
  • Review and adjust MPTCP subflows limit and endpoint configurations
  • Verify kernel versions and apply patches or updates
  • Track exceptions and retest remediated assets

Evidence notes

The vulnerability was resolved by marking signal+subflow endpoints as used in the Linux kernel. The fix is available in kernel versions that have applied the patches. Linux kernel users should verify their kernel versions and apply the patches or update to a fixed version. Evidence is limited to public CVE details and supplied advisory text.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:28.900Z and has not been modified since then.