CVE-2026-23179 — Deadlock in Linux

CWE-833 — Deadlock7 documents6 sources

Severity

6.5MEDIUM

No vector

EPSS

0.0%

top 93.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_listen_data_ready() with the sk_callback_lock held. So we need to check if we are in TCP_LISTEN before attempting to get the sk_callback_lock() to avoid a deadlock.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.7.0 — 6.12.70+1

▶Debianlinux/linux_kernel< 6.12.73-1+1

▶CVEListV5linux/linux675b453e024154dd547921c6e6d5b58747ba7e0e — 6e0c7503a5803d568d56a9f9bca662cd94a14908+3

▶debiandebian/linux< linux 6.18.10-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-g782-c42f-q4q3: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed↗2026-02-14

▶

OSV

CVE-2026-23179: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed w↗2026-02-14

▶

OSV

nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()↗2026-02-14

▶

📋Vendor Advisories

Red Hat

kernel: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()↗2026-02-14

▶

Debian

CVE-2026-23179: linux - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23179 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶