DEBIAN-CVE-2026-43198
In the Linux kernel, the following vulnerability has been resolved:

tcp: fix potential race in tcp_v6_syn_recv_sock()

Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done too late.

After tcp_v4_syn_recv_sock(), the child socket is already visible from TCP ehash table and other cpus might use it.

Since newinet->pinet6 is still pointing to the listener ipv6_pinfo bad things can happen as syzbot found.

Move the problematic code in tcp_v6_mapped_child_init() and call this new helper from tcp_v4_syn_recv_sock() before the ehash insertion.

This allows the removal of one tcp_sync_mss(), since tcp_v4_syn_recv_sock() will call it with the correct context.
Related Resources
References
https://security-tracker.debian.org/tracker/CVE-2026-43198
