CVE-2026-23239

{"id": "CVE-2026-23239", "cveTags": [], "metrics": {}, "published": "2026-03-10T18:18:13.383", "references": [{"url": "https://git.kernel.org/stable/c/022ff7f347588de6e17879a1da6019647b21321b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/664e9df53226b4505a0894817ecad2c610ab11d8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e1512c1db9e8794d8d130addd2615ec27231d994", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7ad8b1d0e421c524604d5076b73232093490d5c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: Fix race condition in espintcp_close()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_work_sync() is called from espintcp_close(),\nespintcp_tx_work() can still be scheduled from paths such as\nthe Delayed ACK handler or ksoftirqd.\nAs a result, the espintcp_tx_work() worker may dereference a\nfreed espintcp ctx or sk.\n\nThe following is a simple race scenario:\n\n cpu0 cpu1\n\n espintcp_close()\n cancel_work_sync(&ctx->work);\n espintcp_write_space()\n schedule_work(&ctx->work);\n\nTo prevent this race condition, cancel_work_sync() is\nreplaced with disable_work_sync()."}], "lastModified": "2026-03-11T13:53:20.707", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}