CVE-2026-23239

Severity: High · CVSS 3.1 base score 7.8 · EPSS 1.1%
Published Mar 10, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

espintcp: Fix race condition in espintcp_close()

This issue was discovered during a code audit.

After cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() can still be scheduled from paths such as the Delayed ACK handler or ksoftirqd. As a result, the espintcp_tx_work() worker may dereference a freed espintcp ctx or sk.

The following is a simple race scenario:

    cpu0                                cpu1

    espintcp_close()
      cancel_work_sync(&ctx->work);
                                        espintcp_write_space()
                                          schedule_work(&ctx->work);

To prevent this race condition, cancel_work_sync() is replaced with disable_work_sync().
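
The interleaving described above, replayed in a single-threaded userspace model (an added example, not kernel code and not part of the patch). The `model_*` helpers and structs are hypothetical stand-ins; the only kernel behaviour assumed is that a cancelled work item can be queued again while a disabled one cannot.

```c
/* Userspace model (not kernel code): why cancel_work_sync() leaves the
 * window open and disable_work_sync() closes it. All model_* names are
 * hypothetical stand-ins for the kernel workqueue API. */
#include <stdbool.h>
#include <stdio.h>

struct model_work { bool pending; int disable_depth; };
struct model_ctx  { struct model_work work; bool freed; };

/* Like schedule_work(): refuses to queue a disabled work item. */
static bool model_schedule_work(struct model_work *w)
{
    if (w->disable_depth > 0 || w->pending)
        return false;
    w->pending = true;
    return true;
}

/* Like cancel_work_sync(): drops a pending run, allows re-queueing. */
static void model_cancel_work_sync(struct model_work *w) { w->pending = false; }

/* Like disable_work_sync(): cancels and blocks future queueing. */
static void model_disable_work_sync(struct model_work *w)
{
    w->disable_depth++;
    w->pending = false;
}

/* Replays the cpu0/cpu1 interleaving; returns true if the tx worker is
 * left queued against a context that close() has already released. */
static bool worker_queued_after_free(bool use_disable)
{
    struct model_ctx ctx = { .work = { false, 0 }, .freed = false };

    model_schedule_work(&ctx.work);          /* tx work already pending */
    if (use_disable)                         /* cpu0: espintcp_close() */
        model_disable_work_sync(&ctx.work);
    else
        model_cancel_work_sync(&ctx.work);
    model_schedule_work(&ctx.work);          /* cpu1: espintcp_write_space() */
    ctx.freed = true;                        /* cpu0: close() releases ctx */
    return ctx.freed && ctx.work.pending;
}

int main(void)
{
    printf("cancel model:  stale worker queued = %d\n", worker_queued_after_free(false));
    printf("disable model: stale worker queued = %d\n", worker_queued_after_free(true));
    return 0;
}
```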

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
1.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 4

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.6 – <6.12.75
linux    linux_kernel   *         ≥6.13 – <6.18.16
linux    linux_kernel   *         ≥6.19 – <6.19.6
linux    linux_kernel   7.0       any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/022ff7f347588de6e17879a1da6019647b21321b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/664e9df53226b4505a0894817ecad2c610ab11d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1512c1db9e8794d8d130addd2615ec27231d994
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7ad8b1d0e421c524604d5076b73232093490d5c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/022ff7f347588de6e17879a1da6019647b21321b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/664e9df53226b4505a0894817ecad2c610ab11d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1512c1db9e8794d8d130addd2615ec27231d994
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7ad8b1d0e421c524604d5076b73232093490d5c
    Patch