HOMEVULNERABILITIESCVE-2026-43029
HIGH

CVE-2026-43029

Published: May 1, 2026· Updated: May 3, 2026

7.5
CVSS v3.1
EPSS:0.04%probability of exploitation in 30 daysPercentile:11.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix soft lockup in mptcp_recvmsg()

syzbot reported a soft lockup in mptcp_recvmsg() [0].

When receiving data with MSG_PEEK | MSG_WAITALL flags, the skb is not

removed from the sk_receive_queue. This causes sk_wait_data() to always

find available data and never perform actual waiting, leading to a soft

lockup.

Fix this by adding a 'last' parameter to track the last peeked skb.

This allows sk_wait_data() to make informed waiting decisions and prevent

infinite loops when MSG_PEEK is used.

[0]:

watchdog: BUG: soft lockup - CPU#2 stuck for 156s! [server:1963]

Modules linked in:

CPU: 2 UID: 0 PID: 1963 Comm: server Not tainted 6.19.0-rc8 #61 PREEMPT(none)

Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014

RIP: 0010:sk_wait_data+0x15/0x190

Code: 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 56 41 55 41 54 49 89 f4 55 48 89 d5 53 48 89 fb <48> 83 ec 30 65 48 8b 05 17 a4 6b 01 48 89 44 24 28 31 c0 65 48 8b

RSP: 0018:ffffc90000603ca0 EFLAGS: 00000246

RAX: 0000000000000000 RBX: ffff888102bf0800 RCX: 0000000000000001

RDX: 0000000000000000 RSI: ffffc90000603d18 RDI: ffff888102bf0800

RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000101

R10: 0000000000000000 R11: 0000000000000075 R12: ffffc90000603d18

R13: ffff888102bf0800 R14: ffff888102bf0800 R15: 0000000000000000

FS: 00007f6e38b8c4c0(0000) GS:ffff8881b877e000(0000) knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 000055aa7bff1680 CR3: 0000000105cbe000 CR4: 00000000000006f0

Call Trace:

<TASK>

mptcp_recvmsg+0x547/0x8c0 net/mptcp/protocol.c:2329

inet_recvmsg+0x11f/0x130 net/ipv4/af_inet.c:891

sock_recvmsg+0x94/0xc0 net/socket.c:1100

__sys_recvfrom+0xb2/0x130 net/socket.c:2256

__x64_sys_recvfrom+0x1f/0x30 net/socket.c:2267

do_syscall_64+0x59/0x2d0 arch/x86/entry/syscall_64.c:94

entry_SYSCALL_64_after_hwframe+0x76/0x7e arch/x86/entry/entry_64.S:131

RIP: 0033:0x7f6e386a4a1d

Code: 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8d 05 f1 de 2c 00 41 89 ca 8b 00 85 c0 75 20 45 31 c9 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6b f3 c3 66 0f 1f 84 00 00 00 00 00 41 56 41

RSP: 002b:00007ffc3c4bb078 EFLAGS: 00000246 ORIG_RAX: 000000000000002d

RAX: ffffffffffffffda RBX: 000000000000861e RCX: 00007f6e386a4a1d

RDX: 00000000000003ff RSI: 00007ffc3c4bb150 RDI: 0000000000000004

RBP: 00007ffc3c4bb570 R08: 0000000000000000 R09: 0000000000000000

R10: 0000000000000103 R11: 0000000000000246 R12: 00005605dbc00be0

R13: 00007ffc3c4bb650 R14: 0000000000000000 R15: 0000000000000000

</TASK>

NVD Source

Technical Analysis

CVE-2026-43029 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 7.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-43029
CVSS Score7.5 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.04%
PublishedMay 1, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43029 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.