4.7
CVE-2026-23302
- EPSS 0.09%
- Veröffentlicht 25.03.2026 10:26:57
- Zuletzt bearbeitet 04.07.2026 12:16:54
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net: annotate data-races around sk->sk_{data_ready,write_space}
In the Linux kernel, the following vulnerability has been resolved:
net: annotate data-races around sk->sk_{data_ready,write_space}
skmsg (and probably other layers) are changing these pointers
while other cpus might read them concurrently.
Add corresponding READ_ONCE()/WRITE_ONCE() annotations
for UDP, TCP and AF_UNIX.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.20 < 6.6.136
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.82
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.17
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.7
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.006 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5
https://git.kernel.org/stable/c/27fccdbcbbfc4651b6f66756e6fa3f52e051ec23
https://git.kernel.org/stable/c/2ef2b20cf4e04ac8a6ba68493f8780776ff84300
https://git.kernel.org/stable/c/c494448bb522bbbb63096540eb2319101a0480ab
https://git.kernel.org/stable/c/7ad01905831c815520f1b0486336a03bb7420465
https://git.kernel.org/stable/c/279f2b67d1c44ee139bd3fdb221850daa9358449