PatchSiren cyber security CVE debrief
CVE-2026-46158 Linux CVE debrief
A reference counting bug in the Linux kernel's Multipath TCP (MPTCP) path manager could lead to socket reference leaks during ADD_ADDR retransmission. When an ADD_ADDR message is retransmitted, the socket reference is held via sk_reset_timer(). The original code contained direct return paths that bypassed the required sock_put() call to release this reference, creating a potential resource leak. The fix consolidates cleanup to a single exit label ensuring __sock_put() is always invoked.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-28
- Original CVE updated: 2026-05-28
- Advisory published: 2026-05-28
- Advisory updated: 2026-05-28
Who should care
Linux kernel maintainers, network administrators running MPTCP-enabled systems, and security teams tracking vulnerabilities in the kernel networking subsystem.
Technical summary
The MPTCP (Multipath TCP) path manager in the Linux kernel contains a socket reference counting error in ADD_ADDR retransmission handling. When sk_reset_timer() holds a socket reference during retransmission, certain error return paths failed to call sock_put(), causing reference leaks. The fix introduces a unified exit label ensuring __sock_put() executes in all cases. The patch also removes a redundant NULL check and marks remaining unlikely conditions explicitly.
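The pattern described above, as a userspace C model added here for illustration (not the kernel's code or the actual patch). The struct, the function names and the two bail-out conditions are hypothetical; only the shape comes from the description: a reference taken when the timer is armed, early returns that skip the release, and a single exit label that restores it.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
struct model_sock {
    int refcnt;       /* stands in for the socket reference count */
    bool closed;      /* hypothetical condition that ends the handler early */
    bool entry_gone;  /* hypothetical: the ADD_ADDR entry was already removed */
    int retransmits;
};

/* Arming the timer takes a reference that the timer handler must release. */
static void model_arm_timer(struct model_sock *sk) { sk->refcnt++; }
static void model_put(struct model_sock *sk) { sk->refcnt--; }

/* Before: the early return skips the release, so each bail-out leaks one reference. */
static void add_timer_leaky(struct model_sock *sk)
{
    if (sk->closed || sk->entry_gone)
        return;               /* reference from model_arm_timer() is never dropped */
    sk->retransmits++;
    model_put(sk);
}

/* After: every path leaves through one label that drops the reference. */
static void add_timer_fixed(struct model_sock *sk)
{
    if (sk->closed || sk->entry_gone)
        goto out;
    sk->retransmits++;
out:
    model_put(sk);
}

/* Fire the handler n times and return how many references were leaked. */
static int leaked_after(void (*handler)(struct model_sock *), bool closed, bool gone, int n)
{
    struct model_sock sk = { .refcnt = 1, .closed = closed, .entry_gone = gone };
    for (int i = 0; i < n; i++) {
        model_arm_timer(&sk);
        handler(&sk);
    }
    return sk.refcnt - 1;     /* 1 is the owner's own reference */
}

int main(void)
{
    printf("leaky handler: %d leaked\n", leaked_after(add_timer_leaky, true, false, 5));
    printf("fixed handler: %d leaked\n", leaked_after(add_timer_fixed, true, false, 5));
    return 0;
}
```

A count that never returns to its baseline is what keeps the object from being freed, which is why the recommended actions below mention resource exhaustion symptoms.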
Defensive priority
medium
Recommended defensive actions
- Apply kernel patches from stable kernel Git repositories to ensure proper socket reference counting in MPTCP ADD_ADDR retransmission paths
- Monitor for kernel updates addressing this fix in distribution security advisories
- Review MPTCP-enabled systems for potential resource exhaustion symptoms if unpatched kernels are in use
Evidence notes
The vulnerability description indicates this is a resource leak fix in MPTCP path manager ADD_ADDR retransmission handling. The fix ensures socket reference counting is properly decremented in all code paths by using a centralized exit label. The description notes the !msk check was removed as unreachable, and remaining checks marked as unlikely().
Official resources
- CVE-2026-46158 CVE record (CVE.org)
- CVE-2026-46158 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
2026-05-28