CVE-2026-23372 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23372 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references. Set SEND_SHUTDOWN first so that if tx_work is already running it will see the flag and skip transmitting, then use cancel_work_sync to wait for any in-progress execution to finish, and finally purge any remaining queued skbs.

EPSS 0.02% · 6.2th percentile

Risk Scores

EPSS Score

0.02%

6.2th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	23b7869c0fd08d73c9f83a2db88a13312d6198bb, 23b7869c0fd08d73c9f83a2db88a13312d6198bb, 23b7869c0fd08d73c9f83a2db88a13312d6198bb
linux	linux_kernel	3.1, 3.1, 3.1

Timeline

Mar 25, 2026 EPSS Score
Mar 25, 2026 Coalition ESS Score
Mar 25, 2026 CVE Published
Mar 29, 2026 Security Advisory
Apr 18, 2026 CVE Updated

References

Open in Interactive Console →