CVE-2026-43029

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mptcp: fix soft lockup in mptcp_recvmsg()<br /> <br /> syzbot reported a soft lockup in mptcp_recvmsg() [0].<br /> <br /> When receiving data with MSG_PEEK | MSG_WAITALL flags, the skb is not<br /> removed from the sk_receive_queue. This causes sk_wait_data() to always<br /> find available data and never perform actual waiting, leading to a soft<br /> lockup.<br /> <br /> Fix this by adding a &amp;#39;last&amp;#39; parameter to track the last peeked skb.<br /> This allows sk_wait_data() to make informed waiting decisions and prevent<br /> infinite loops when MSG_PEEK is used.<br /> <br /> [0]:<br /> watchdog: BUG: soft lockup - CPU#2 stuck for 156s! [server:1963]<br /> Modules linked in:<br /> CPU: 2 UID: 0 PID: 1963 Comm: server Not tainted 6.19.0-rc8 #61 PREEMPT(none)<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014<br /> RIP: 0010:sk_wait_data+0x15/0x190<br /> Code: 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 56 41 55 41 54 49 89 f4 55 48 89 d5 53 48 89 fb 83 ec 30 65 48 8b 05 17 a4 6b 01 48 89 44 24 28 31 c0 65 48 8b<br /> RSP: 0018:ffffc90000603ca0 EFLAGS: 00000246<br /> RAX: 0000000000000000 RBX: ffff888102bf0800 RCX: 0000000000000001<br /> RDX: 0000000000000000 RSI: ffffc90000603d18 RDI: ffff888102bf0800<br /> RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000101<br /> R10: 0000000000000000 R11: 0000000000000075 R12: ffffc90000603d18<br /> R13: ffff888102bf0800 R14: ffff888102bf0800 R15: 0000000000000000<br /> FS: 00007f6e38b8c4c0(0000) GS:ffff8881b877e000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 000055aa7bff1680 CR3: 0000000105cbe000 CR4: 00000000000006f0<br /> Call Trace:<br /> <br /> mptcp_recvmsg+0x547/0x8c0 net/mptcp/protocol.c:2329<br /> inet_recvmsg+0x11f/0x130 net/ipv4/af_inet.c:891<br /> sock_recvmsg+0x94/0xc0 net/socket.c:1100<br /> __sys_recvfrom+0xb2/0x130 net/socket.c:2256<br /> __x64_sys_recvfrom+0x1f/0x30 net/socket.c:2267<br /> do_syscall_64+0x59/0x2d0 arch/x86/entry/syscall_64.c:94<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e arch/x86/entry/entry_64.S:131<br /> RIP: 0033:0x7f6e386a4a1d<br /> Code: 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8d 05 f1 de 2c 00 41 89 ca 8b 00 85 c0 75 20 45 31 c9 45 31 c0 b8 2d 00 00 00 0f 05 3d 00 f0 ff ff 77 6b f3 c3 66 0f 1f 84 00 00 00 00 00 41 56 41<br /> RSP: 002b:00007ffc3c4bb078 EFLAGS: 00000246 ORIG_RAX: 000000000000002d<br /> RAX: ffffffffffffffda RBX: 000000000000861e RCX: 00007f6e386a4a1d<br /> RDX: 00000000000003ff RSI: 00007ffc3c4bb150 RDI: 0000000000000004<br /> RBP: 00007ffc3c4bb570 R08: 0000000000000000 R09: 0000000000000000<br /> R10: 0000000000000103 R11: 0000000000000246 R12: 00005605dbc00be0<br /> R13: 00007ffc3c4bb650 R14: 0000000000000000 R15: 0000000000000000<br />