CVE-2026-23302

Published: Mar 25, 2026Modified: May 28, 2026

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.

Affected (6)

Products: Linux: Linux Kernel

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.20 to 6.6.136
Linux Linux Kernel	From 6.13 to 6.18.17
Linux Linux Kernel	From 6.19 to 6.19.7
Linux Linux Kernel	From 6.7 to 6.12.82
Linux Linux Kernel	Version 7.0 rc1
Linux Linux Kernel	Version 7.0 rc2

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (5)

https://git.kernel.org/stable/c/27fccdbcbbfc4651b6f66756e6fa3f52e051ec23

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/2ef2b20cf4e04ac8a6ba68493f8780776ff84300

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/7ad01905831c815520f1b0486336a03bb7420465

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/c494448bb522bbbb63096540eb2319101a0480ab

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.