CVE-2026-23239

EPSS 0.02%
Veröffentlicht 10.03.2026 17:28:26
Zuletzt bearbeitet 11.03.2026 13:53:20
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

espintcp: Fix race condition in espintcp_close()

This issue was discovered during a code audit.

After cancel_work_sync() is called from espintcp_close(),
espintcp_tx_work() can still be scheduled from paths such as
the Delayed ACK handler or ksoftirqd.
As a result, the espintcp_tx_work() worker may dereference a
freed espintcp ctx or sk.

The following is a simple race scenario:

           cpu0                             cpu1

  espintcp_close()
    cancel_work_sync(&ctx->work);
                                     espintcp_write_space()
                                       schedule_work(&ctx->work);

To prevent this race condition, cancel_work_sync() is
replaced with disable_work_sync().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < f7ad8b1d0e421c524604d5076b73232093490d5c

Version e27cca96cd68fa2c6814c90f9a1cfd36bb68c593

Status affected

Version < 664e9df53226b4505a0894817ecad2c610ab11d8

Version e27cca96cd68fa2c6814c90f9a1cfd36bb68c593

Status affected

Version < 022ff7f347588de6e17879a1da6019647b21321b

Version e27cca96cd68fa2c6814c90f9a1cfd36bb68c593

Status affected

Version < e1512c1db9e8794d8d130addd2615ec27231d994

Version e27cca96cd68fa2c6814c90f9a1cfd36bb68c593

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.6

Status affected

Version < 5.6

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.75

Status unaffected

Version <= 6.18.*

Version 6.18.16

Status unaffected

Version <= 6.19.*

Version 6.19.6

Status unaffected

Version <= *

Version 7.0-rc2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/f7ad8b1d0e421c524604d5076b73232093490d5c

https://git.kernel.org/stable/c/664e9df53226b4505a0894817ecad2c610ab11d8

https://git.kernel.org/stable/c/022ff7f347588de6e17879a1da6019647b21321b

https://git.kernel.org/stable/c/e1512c1db9e8794d8d130addd2615ec27231d994

https://nvd.nist.gov/vuln/detail/CVE-2026-23239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23239

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23239