PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23240 Linux CVE debrief

CVE-2026-23240 is a critical Linux kernel race condition in the TLS work-cancellation path. The bug can allow tx_work_handler() to be scheduled again after close-time cancellation, creating a use-after-free risk against freed TLS state.

Vendor: Linux
Product: Unknown
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-05-20
Advisory published: 2026-03-10
Advisory updated: 2026-05-20

Who should care

Linux kernel maintainers, distro security teams, and operators running affected Linux kernel releases—especially systems that use the kernel TLS networking path.

Technical summary

According to the CVE description, tls_sk_proto_close() calls tls_sw_cancel_work_tx(), which uses cancel_delayed_work_sync() to stop the TX worker, but tx_work_handler() can still be queued again after that cancellation from other paths, such as the delayed ACK handler or ksoftirqd. That race can let the worker dereference the TLS context after it has been freed. The fix replaces cancel_delayed_work_sync() with disable_delayed_work_sync(), which both cancels the pending work and rejects later attempts to queue it, closing the rescheduling window. NVD classifies the weakness as CWE-362 and rates it CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
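As an added illustration (not code from the kernel or from PatchSiren), a userspace C model of the two cancellation styles the summary contrasts; every struct and function name below is a hypothetical stand-in for the kernel API it is named after, and the "freed" flag replaces an actual use-after-free so the model runs safely:

```c
/* Userspace model of the CVE-2026-23240 fix: added example, not kernel code.
 * A toy delayed-work item with two cancellation styles: "cancel" (clears the
 * pending bit only) and "disable" (clears pending and rejects later queueing),
 * mirroring cancel_delayed_work_sync() vs disable_delayed_work_sync(). */
#include <stdbool.h>
struct tls_ctx_model {            /* stand-in for the TLS TX state */
    bool freed;                   /* set once the close path releases it */
};

struct delayed_work_model {
    bool pending;                 /* work is queued and will run */
    bool disabled;                /* queue attempts are refused */
    struct tls_ctx_model *ctx;    /* what the handler dereferences */
};

/* queue_delayed_work() stand-in: succeeds unless disabled or already pending */
static bool model_queue(struct delayed_work_model *w) {
    if (w->disabled || w->pending) return false;
    w->pending = true;
    return true;
}

/* cancel_delayed_work_sync() stand-in: drops a pending run, nothing more */
static void model_cancel_sync(struct delayed_work_model *w) { w->pending = false; }

/* disable_delayed_work_sync() stand-in: cancels and blocks re-queueing */
static void model_disable_sync(struct delayed_work_model *w) {
    w->pending = false;
    w->disabled = true;
}

/* tx_work_handler() stand-in: true if the run would touch freed TLS state */
static bool model_run_pending(struct delayed_work_model *w) {
    if (!w->pending) return false;
    w->pending = false;
    return w->ctx->freed;          /* in the real kernel this is the UAF */
}

/* Close-time sequence: cancel or disable, a racing path re-queues (delayed ACK
 * or ksoftirqd in the advisory), the context is freed, then the worker fires.
 * Returns true when the worker would run against freed state. */
bool close_then_late_requeue(bool use_disable) {
    struct tls_ctx_model ctx = { .freed = false };
    struct delayed_work_model w = { .pending = true, .disabled = false, .ctx = &ctx };
    if (use_disable) model_disable_sync(&w); else model_cancel_sync(&w);
    model_queue(&w);               /* racing path tries to reschedule */
    ctx.freed = true;              /* tls_sk_proto_close() releases the context */
    return model_run_pending(&w);  /* cancel: true (bug); disable: false (fixed) */
}
```

Calling close_then_late_requeue(false) reproduces the pre-fix ordering and reports a run against freed state, while close_then_late_requeue(true) shows the disabled work item refusing the late re-queue.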

Defensive priority

Critical / urgent

Recommended defensive actions

  • Apply the Linux kernel updates that include the stable fixes referenced by kernel.org.
  • Verify whether your fleet is running an affected kernel range listed by NVD and ensure your vendor backport includes the fix.
  • Prioritize hosts that use Linux kernel TLS or related networking paths for validation and patch rollout.
  • Reboot into the patched kernel after installation and confirm the fixed build is active.
  • Monitor distro/security advisories for backported fixes; the supplied corpus does not describe a safe workaround.

Evidence notes

The supplied CVE description states the issue was found during a code audit and explains the race in tls_sw_cancel_work_tx(). NVD marks the record as analyzed, assigns CVSS 9.8, and lists CWE-362. The reference set includes four official kernel.org stable patch links, supporting that the issue was fixed in kernel maintenance branches.

Official resources

Public CVE disclosure date: 2026-03-10. NVD last modified the record on 2026-05-20.