CVE-2026-23240

EPSS 0.07%
Veröffentlicht 10.03.2026 17:28:27
Zuletzt bearbeitet 02.04.2026 15:16:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

tls: Fix race condition in tls_sw_cancel_work_tx()

In the Linux kernel, the following vulnerability has been resolved:

tls: Fix race condition in tls_sw_cancel_work_tx()

This issue was discovered during a code audit.

After cancel_delayed_work_sync() is called from tls_sk_proto_close(),
tx_work_handler() can still be scheduled from paths such as the
Delayed ACK handler or ksoftirqd.
As a result, the tx_work_handler() worker may dereference a freed
TLS object.

The following is a simple race scenario:

          cpu0                         cpu1

tls_sk_proto_close()
  tls_sw_cancel_work_tx()
                                 tls_write_space()
                                   tls_sw_write_space()
                                     if (!test_and_set_bit(BIT_TX_SCHEDULED, &tx_ctx->tx_bitmask))
    set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask);
    cancel_delayed_work_sync(&ctx->tx_work.work);
                                     schedule_delayed_work(&tx_ctx->tx_work.work, 0);

To prevent this race condition, cancel_delayed_work_sync() is
replaced with disable_delayed_work_sync().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version f87e62d45e51b12d48d2cb46b5cde8f83b866bc4

Version < a5de36d6cee74a92c1a21b260bc507e64bc451de

Status affected

Version f87e62d45e51b12d48d2cb46b5cde8f83b866bc4

Version < 854cd32bc74fe573353095e90958490e4e4d641b

Status affected

Version f87e62d45e51b12d48d2cb46b5cde8f83b866bc4

Version < 17153f154f80be2b47ebf52840f2d8f724eb2f3b

Status affected

Version f87e62d45e51b12d48d2cb46b5cde8f83b866bc4

Version < 7bb09315f93dce6acc54bf59e5a95ba7365c2be4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.3

Status affected

Version 0

Version < 5.3

Status unaffected

Version <= 6.12.*

Version 6.12.75

Status unaffected

Version <= 6.18.*

Version 6.18.16

Status unaffected

Version <= 6.19.*

Version 6.19.6

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.203

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/a5de36d6cee74a92c1a21b260bc507e64bc451de

https://git.kernel.org/stable/c/854cd32bc74fe573353095e90958490e4e4d641b

https://git.kernel.org/stable/c/17153f154f80be2b47ebf52840f2d8f724eb2f3b

https://git.kernel.org/stable/c/7bb09315f93dce6acc54bf59e5a95ba7365c2be4

https://nvd.nist.gov/vuln/detail/CVE-2026-23240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23240

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23240