CVE-2026-23275Race Condition within a Thread in Linux

CWE-366Race Condition within a Thread8 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 20

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORING_SQ_TASKRUN to happen in the small window of swapping into the new rings and the old rings being freed. Prevent this by adding a 2nd ->rings pointer, ->rings_rcu, which is protected by RCU. The task work flags manipulation

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Linuxlinux/linux_kernel6.13.06.18.19+1
Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux79cfe9e59c2a12c3b3faeeefe38d23f3d80309727cc4530b3e952d4a5947e1e55d06620d8845d4f5+3

🔴Vulnerability Details

4
OSV
io_uring: ensure ctx->rings is stable for task work flags manipulation2026-03-20
CVEList
io_uring: ensure ctx->rings is stable for task work flags manipulation2026-03-20
OSV
CVE-2026-23275: In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TA2026-03-20
GHSA
GHSA-w9fp-2248-jh3m: In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_2026-03-20

📋Vendor Advisories

2
Red Hat
kernel: io_uring: ensure ctx->rings is stable for task work flags manipulation2026-03-20
Debian
CVE-2026-23275: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring: e...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23275 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23275 — Race Condition within a Thread | cvebase