CVE-2026-23372: Signal Handler Race Condition in Linux

Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 97.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: rawsock: cancel tx_work before socket teardown

In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

Linux: linux/linux_kernel, 3.1.0, 6.1.167, +4
Debian: linux/linux_kernel, < 6.19.8-1
CVEListV5: linux/linux, 23b7869c0fd08d73c9f83a2db88a13312d6198bb, 3ae592ed91bb4b6b51df256b51045c13d2656049, +6
debian: debian/linux, < linux 6.19.8-1 (forky)

Vulnerability Details (4)

CVEList
nfc: rawsock: cancel tx_work before socket teardown (2026-03-25)
OSV
nfc: rawsock: cancel tx_work before socket teardown (2026-03-25)
OSV
CVE-2026-23372: In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel a (2026-03-25)
GHSA
GHSA-v5pm-g3x4-2pmj: In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel (2026-03-25)

Vendor Advisories (3)

Red Hat
kernel: nfc: rawsock: cancel tx_work before socket teardown (2026-03-25)
Microsoft
nfc: rawsock: cancel tx_work before socket teardown (2026-03-10)
Debian
CVE-2026-23372: linux - In the Linux kernel, the following vulnerability has been resolved: nfc: rawsoc... (2026)

Threat Intelligence (1)

Wiz
CVE-2026-23372 Impact, Exploitability, and Mitigation Steps | Wiz