EUVD-2026-15238
Lifecycle Timeline
4Description
In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.
Analysis
This vulnerability is a data-race condition in the Linux kernel where socket callback pointers (sk->sk_data_ready and sk->sk_write_space) are being modified concurrently by skmsg and other kernel layers without proper synchronization, potentially leading to information disclosure. All Linux kernel versions are affected across all architectures and distributions (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*), with the issue impacting UDP, TCP, and AF_UNIX socket implementations. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 5.10.223-1 | - |
| bullseye (security) | vulnerable | 5.10.251-1 | - |
| bookworm | vulnerable | 6.1.159-1 | - |
| bookworm (security) | vulnerable | 6.1.164-1 | - |
| trixie | vulnerable | 6.12.73-1 | - |
| trixie (security) | vulnerable | 6.12.74-2 | - |
| forky, sid | fixed | 6.19.8-1 | - |
| (unstable) | fixed | 6.19.8-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today