Skip to main content

Linux CVE-2026-23302

| EUVDEUVD-2026-15238 MEDIUM
Race Condition (CWE-362)
2026-03-25 Linux
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
3.3 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 28, 2026 - 15:07 NVD
4.7 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15238
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

net: annotate data-races around sk->sk_{data_ready,write_space}

skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently.

Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.

AnalysisAI

This vulnerability is a data-race condition in the Linux kernel where socket callback pointers (sk->sk_data_ready and sk->sk_write_space) are being modified concurrently by skmsg and other kernel layers without proper synchronization, potentially leading to information disclosure. All Linux kernel versions are affected across all architectures and distributions (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*), with the issue impacting UDP, TCP, and AF_UNIX socket implementations. An attacker with local access could potentially exploit this race condition to read sensitive data or cause memory corruption by triggering concurrent modifications to these critical function pointers.

Technical ContextAI

The vulnerability exists in the Linux kernel's socket implementation where the sk->sk_data_ready and sk->sk_write_space function pointers are modified by the skmsg subsystem (Socket Message handling) and potentially other kernel components without proper atomic or synchronization primitives. These pointers define callbacks that are invoked when data is ready or socket write space becomes available. The root cause is a CWE-366 (Race Condition) vulnerability where multiple CPUs can concurrently read and write these pointers without READ_ONCE() or WRITE_ONCE() compiler barriers, allowing the compiler to perform unsafe optimizations or cache values across potential modification boundaries. The fix involves annotating all accesses to these fields with READ_ONCE() and WRITE_ONCE() macros to ensure the kernel memory model treats each access as volatile and prevents compiler-level optimizations that could lead to stale or inconsistent reads of the callback pointers across the UDP, TCP, and AF_UNIX protocol families.

RemediationAI

Update the Linux kernel to the latest stable version that includes the data-race annotation patches (verify against the stable kernel commits at https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5 and related commits). For distribution users, check with your vendor (Ubuntu, Red Hat, Debian, etc.) for kernel security updates and apply them immediately. Most mainstream distributions will have backported these fixes into their stable kernel maintenance branches. Until patching is completed, limit local user access to the system through proper process isolation and SELinux/AppArmor profiles that restrict socket operations. Monitor kernel logs for socket-related errors or anomalies that might indicate exploitation attempts. Enable kernel address space layout randomization (ASLR) and stack canaries to increase exploit complexity if patching is delayed.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23302 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy