CVE-2026-23239
Published: Mar 10, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() can still be scheduled from paths such as the Delayed ACK handler or ksoftirqd. As a result, the espintcp_tx_work() worker may dereference a freed espintcp ctx or sk. The following is a simple race scenario: cpu0 cpu1 espintcp_close() cancel_work_sync(&ctx->work); espintcp_write_space() schedule_work(&ctx->work); To prevent this race condition, cancel_work_sync() is replaced with disable_work_sync().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 - < f7ad8b1d0e421c524604d5076b73232093490d5caffected e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 - < 664e9df53226b4505a0894817ecad2c610ab11d8affected e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 - < 022ff7f347588de6e17879a1da6019647b21321baffected e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 - < e1512c1db9e8794d8d130addd2615ec27231d994 |
Linux | Linux | affected 5.6unaffected 0 - < 5.6unaffected 6.12.75 - <= 6.12.*unaffected 6.18.16 - <= 6.18.*unaffected 6.19.6 - <= 6.19.*+1 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now