CVE-2026-23372
HIGH EPSS 3.1%
Published Mar 25, 20263mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references. Set SEND_SHUTDOWN first so that if tx_work is already running it will see the flag and skip transmitting, then use cancel_work_sync to wait for any in-progress execution to finish, and finally purge any remaining queued skbs.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
3.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 15
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥3.1.1 – <5.10.253 |
| linux | linux_kernel | * | ≥5.11 – <5.15.203 |
| linux | linux_kernel | * | ≥5.16 – <6.1.167 |
| linux | linux_kernel | * | ≥6.2 – <6.6.130 |
| linux | linux_kernel | * | ≥6.7 – <6.12.77 |
| linux | linux_kernel | * | ≥6.13 – <6.18.17 |
| linux | linux_kernel | * | ≥6.19 – <6.19.7 |
| linux | linux_kernel | 3.1 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
References 8
- git.kernel.org https://git.kernel.org/stable/c/3ae592ed91bb4b6b51df256b51045c13d2656049
- git.kernel.org https://git.kernel.org/stable/c/722a28b635ec281bb08a23885223526d8e7d6526
- git.kernel.org https://git.kernel.org/stable/c/78141b8832e16d80d09cbefb4258612db0777a24
- git.kernel.org https://git.kernel.org/stable/c/9b2d23cd09e1cb56bdf0e4d5614703094159f16c
- git.kernel.org https://git.kernel.org/stable/c/cdeed45ce8c92defd057f7d67ee9a69374d8fa16
- git.kernel.org https://git.kernel.org/stable/c/d793458c45df2aed498d7f74145eab7ee22d25aa
- git.kernel.org https://git.kernel.org/stable/c/da4515fc8263c5933ed605e396af91079806dc45
- git.kernel.org https://git.kernel.org/stable/c/edc988613def90c5b558e025b1b423f48007be06
Remediation
- git.kernel.org https://git.kernel.org/stable/c/3ae592ed91bb4b6b51df256b51045c13d2656049
- git.kernel.org https://git.kernel.org/stable/c/722a28b635ec281bb08a23885223526d8e7d6526
- git.kernel.org https://git.kernel.org/stable/c/78141b8832e16d80d09cbefb4258612db0777a24
- git.kernel.org https://git.kernel.org/stable/c/9b2d23cd09e1cb56bdf0e4d5614703094159f16c
- git.kernel.org https://git.kernel.org/stable/c/cdeed45ce8c92defd057f7d67ee9a69374d8fa16
- git.kernel.org https://git.kernel.org/stable/c/d793458c45df2aed498d7f74145eab7ee22d25aa
- git.kernel.org https://git.kernel.org/stable/c/da4515fc8263c5933ed605e396af91079806dc45
- git.kernel.org https://git.kernel.org/stable/c/edc988613def90c5b558e025b1b423f48007be06