CVE Catalog

CVE-2026-23302

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

1th percentile - higher than 1% of all known CVEs

Summary

A data race vulnerability was found in the Linux kernel around the sk->sk_data_ready and sk->sk_write_space pointers. The skmsg layer (and possibly others) modifies these pointers while other CPUs may read them concurrently, leading to undefined behavior.

Risk Assessment

The risk involves potential data corruption or incorrect network behavior in multi-core systems, which could lead to application crashes or compromise network communication integrity.

Recommendation

Immediately update the Linux kernel to a version containing the fix with READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP, and AF_UNIX.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS