cve 2026 23240

About this tag
The tag cve 2026 23240 covers a specific Linux kernel vulnerability that involves a race condition in the kernel TLS implementation. The issue, identified as CVE-2026-23240, occurs in the tls_sw_cancel_work_tx() function where a delayed work item can be re-queued after cancellation, leading to use-after-free of a TLS object. The fix replaces cancel_delayed_work_sync() with disable_delayed_work_sync() to both drain and prevent re-queueing. This tag is relevant for Linux system administrators and developers tracking kernel security patches, particularly those managing TLS offload or encrypted network connections.
  1. Linux Kernel TLS Race Fix CVE-2026-23240: Use disable_delayed_work_sync

    The Linux kernel has received a small but important patch that fixes a timing (race) bug in the kernel TLS implementation: CVE-2026-23240 addresses a race in tls_sw_cancel_work_tx() where a worker can be scheduled after the kernel believes the delayed work has been cancelled, allowing the worker...