CVE-2026-23394: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 94.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Mar 25
Latest update: Apr 20

Description

In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSG_PEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0a ("af_unix: fix garbage collect vs MSG_PEEK"). After GC was replaced with the current algorithm, the cited commit removed the locking dance in unix_peek_fds() and reintroduced the same issue. Th

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.10.0 | 6.19.10
Debian | linux/linux_kernel | < 6.19.10-1
CVEListV5 | linux/linux | 118f457da9ed58a79e24b73c2ef0aa1987241f0e | 37dd7ab332396eb8dd80b2dc7ea4b61abf767436 | +4
debian | debian/linux | < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (4)
VulDB: Linux Kernel up to 6.19.9/7.0-rc4 af_unix unix_peek_fds reference count (EUVD-2026-15396) | 2026-04-20
OSV: CVE-2026-23394: In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened | 2026-03-25
GHSA: GHSA-p5pc-67g7-qcv2: In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened | 2026-03-25
OSV: af_unix: Give up GC if MSG_PEEK intervened. | 2026-03-25

📋 Vendor Advisories (2)
Red Hat: kernel: af_unix: Give up GC if MSG_PEEK intervened | 2026-03-25
Debian: CVE-2026-23394: linux - In the Linux kernel, the following vulnerability has been resolved: af_unix: Gi... | 2026

🕵️ Threat Intelligence (1)
Wiz: CVE-2026-23394 Impact, Exploitability, and Mitigation Steps | Wiz