wid-sec-w-2026-0680 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Linux Kernel: Multiple Vulnerabilities allow Denial of Service

CVSS 9.8 CRITICAL

Risk Summary

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync() is called from tls_sk_proto_close(), tx_work_handler() can still be scheduled from paths such as the Delayed ACK handler or ksoftirqd. As a result, the tx_work_handler() worker may dereference a freed TLS object. The following is a simple race scenario: cpu0 cpu1 tls_sk_proto_close() tls_sw_cancel_work_tx() tls_write_space() tls_sw_write_space() if (!test_and_set_bit(BIT_TX_SCHEDULED, &tx_ctx->tx_bitmask)) set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask); cancel_delayed_work_sync(&ctx->tx_work.work); schedule_delayed_work(&tx_ctx->tx_work.work, 0); To prevent this race condition, cancel_delayed_work_sync() is replaced with disable_delayed_work_sync().

CVEs (2)

CVE-2026-23239 CVE-2026-23240

Affected Vendors

Open Source

Affected Products (8)

Open Source · Linux Kernel <6.12.75

Open Source · Linux Kernel 6.12.75

Open Source · Linux Kernel <6.18.16

Open Source · Linux Kernel 6.18.16

Open Source · Linux Kernel <6.19.6

Open Source · Linux Kernel 6.19.6

Open Source · Linux Kernel <7.0-rc2

Open Source · Linux Kernel 7.0-rc2

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more