CVE-2026-23441Incorrect Synchronization in Linux

CWE-821Incorrect Synchronization7 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5e_ipsec_aso struct for each PF, which contains a shared DMA-mapped context for all ASO operations. A race condition exists because the ASO spinlock is released before the hardware has finished processing WQE. If a second operation is initiated immediately after, it overwr

Affected Packages2 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux1ed78fc033074c55221a80498204c539a369687799aaee927800ea00b441b607737f9f67b1899755+5

🔴Vulnerability Details

3
OSV
CVE-2026-23441: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IP2026-04-03
CVEList
net/mlx5e: Prevent concurrent access to IPSec ASO context2026-04-03
GHSA
GHSA-c26h-gxpc-728g: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: net/mlx5e: Prevent concurrent access to IPSec ASO context2026-04-03
Debian
CVE-2026-23441: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23441 Impact, Exploitability, and Mitigation Steps | Wiz