anonhaven
Ad

CVE-2026-23239

HIGH CVSS 3.1: 7.8 EPSS 0.01%
Updated Apr 02, 2026
Linux
Parameter Value
CVSS 7.8 (HIGH)
Vendor Linux
Public PoC No

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() can still be scheduled from paths such as the Delayed ACK handler or ksoftirqd. As a result, the espintcp_tx_work() worker may dereference a freed espintcp ctx or sk.

The following is a simple race scenario: cpu0 cpu1 espintcp_close() cancel_work_sync(&ctx->work); espintcp_write_space() schedule_work(&ctx->work); To prevent this race condition, cancel_work_sync() is replaced with disable_work_sync().

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

References 4

https://git.kernel.org/stable/c/022ff7f347588de6e17879a1da6019647b21321b
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/664e9df53226b4505a0894817ecad2c610ab11d8
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e1512c1db9e8794d8d130addd2615ec27231d994
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f7ad8b1d0e421c524604d5076b73232093490d5c
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40253

Linux

6.8

CVE-2026-41035

Linux

7.4

CVE-2026-40245

Linux

7.5

CVE-2026-6328

Linux

8.3

CVE-2026-39418

Linux

5.0