CVE-2026-23066 — Uncontrolled Recursion in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Latest updateFeb 10
Description
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix recvmsg() unconditional requeue
If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at
the front of the recvmsg queue already has its mutex locked, it requeues
the call - whether or not the call is already queued. The call may be on
the queue because MSG_PEEK was also passed and so the call was not dequeued
or because the I/O thread requeued it.
The unconditional requeue may then corrupt the re…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
▶CVEListV5linux/linux540b1c48c37ac0ad66212004db21e1ff7e2d78be — 0464bf75590da75b8413c3e758c04647b4cdb3c6+4
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-rx25-rppp-x99w: In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix recvmsg() unconditional requeue
If rxrpc_recvmsg() fails because MSG_↗2026-02-04
OSV▶
CVE-2026-23066: In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DO↗2026-02-04