CVE-2026-23440: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 4.7 MEDIUM (No vector)
EPSS: 0.0% (top 93.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix race condition during IPSec ESN update

In IPSec full offload mode, the device reports an ESN (Extended Sequence Number) wrap event to the driver. The driver validates this event by querying the IPSec ASO and checking that the esn_event_arm field is 0x0, which indicates an event has occurred. After handling the event, the driver must re-arm the context by setting esn_event_arm back to 0x1. A race condition exist

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux fef06678931ff67b158d337b581e5cf5ca40a3a3 3dffc083292e6872787bd7e34b957627622f9af4 +5
debian: debian/linux < linux 6.19.10-1 (forky)

Vulnerability Details (2)

OSV (2026-04-03)
CVE-2026-23440: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race condition during IPSec ESN update In IPSec full offload mode,
GHSA (2026-04-03)
GHSA-255w-8g7g-qmg6: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race condition during IPSec ESN update In IPSec full offload mode

Vendor Advisories (2)

Red Hat (2026-04-03)
kernel: net/mlx5e: Fix race condition during IPSec ESN update
Debian (2026)
CVE-2026-23440: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ...

Threat Intelligence (1)

Wiz
CVE-2026-23440 Impact, Exploitability, and Mitigation Steps | Wiz