CVE-2026-23240 — Race Condition within a Thread in Linux
Severity
9.8CRITICALNVD
EPSS
0.1%
top 80.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 10
Description
In the Linux kernel, the following vulnerability has been resolved:
tls: Fix race condition in tls_sw_cancel_work_tx()
This issue was discovered during a code audit.
After cancel_delayed_work_sync() is called from tls_sk_proto_close(),
tx_work_handler() can still be scheduled from paths such as the
Delayed ACK handler or ksoftirqd.
As a result, the tx_work_handler() worker may dereference a freed
TLS object.
The following is a simple race scenario:
cpu0 cpu1
tls_sk_proto_close()
tls_sw_can…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linuxf87e62d45e51b12d48d2cb46b5cde8f83b866bc4 — a5de36d6cee74a92c1a21b260bc507e64bc451de+4
🔴Vulnerability Details
4GHSA▶
GHSA-c96v-vvf3-2p7r: In the Linux kernel, the following vulnerability has been resolved:
tls: Fix race condition in tls_sw_cancel_work_tx()
This issue was discovered dur↗2026-03-10
OSV▶
CVE-2026-23240: In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered durin↗2026-03-10