CVE-2026-23239: Race Condition within a Thread in Linux

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 96.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 10

Description

In the Linux kernel, the following vulnerability has been resolved:

espintcp: Fix race condition in espintcp_close()

This issue was discovered during a code audit.

After cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() can still be scheduled from paths such as the Delayed ACK handler or ksoftirqd. As a result, the espintcp_tx_work() worker may dereference a freed espintcp ctx or sk.

The following is a simple race scenario:

cpu0 cpu1 espintcp_close() cancel_work_sync(&

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Linux: linux/linux_kernel, 5.6.0, 6.12.75, +2
Debian: linux/linux_kernel, < 6.19.6-1
CVEListV5: linux/linux, e27cca96cd68fa2c6814c90f9a1cfd36bb68c593, f7ad8b1d0e421c524604d5076b73232093490d5c, +4

🔴 Vulnerability Details (4)

GHSA
GHSA-246x-p35q-qhcq: In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered durin (2026-03-10)
CVEList
espintcp: Fix race condition in espintcp_close() (2026-03-10)
OSV
espintcp: Fix race condition in espintcp_close() (2026-03-10)
OSV
CVE-2026-23239: In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during (2026-03-10)

📋 Vendor Advisories (3)

Red Hat
kernel: Kernel: Race condition in espintcp can lead to denial of service (2026-03-10)
Microsoft
espintcp: Fix race condition in espintcp_close() (2026-03-10)
Debian
CVE-2026-23239: linux - In the Linux kernel, the following vulnerability has been resolved: espintcp: F... 2026

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-23239 Impact, Exploitability, and Mitigation Steps | Wiz