CVE-2026-23372
Published: Mar 25, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references. Set SEND_SHUTDOWN first so that if tx_work is already running it will see the flag and skip transmitting, then use cancel_work_sync to wait for any in-progress execution to finish, and finally purge any remaining queued skbs.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 23b7869c0fd08d73c9f83a2db88a13312d6198bb - < 9b2d23cd09e1cb56bdf0e4d5614703094159f16caffected 23b7869c0fd08d73c9f83a2db88a13312d6198bb - < cdeed45ce8c92defd057f7d67ee9a69374d8fa16affected 23b7869c0fd08d73c9f83a2db88a13312d6198bb - < 3ae592ed91bb4b6b51df256b51045c13d2656049affected 23b7869c0fd08d73c9f83a2db88a13312d6198bb - < 722a28b635ec281bb08a23885223526d8e7d6526affected 23b7869c0fd08d73c9f83a2db88a13312d6198bb - < 78141b8832e16d80d09cbefb4258612db0777a24+3 more versions |
Linux | Linux | affected 3.1unaffected 0 - < 3.1unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now