This follow-up to CVE-2024-57882 by Solar Designer also worth reading:
https://seclists.org/oss-sec/2025/q2/3"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."
"net.mptcp.enabled can be set from inside an unprivileged net namespace"