CVE-2026-23394

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the af unix subsystem related to garbage collection (GC) and the interaction with the MSG PEEK flag. Specifically, the GC mechanism could incorrectly identify and purge receive queues of active sockets due to a race condition with MSG PEEK. This occurs because MSG PEEK increments a file reference count without coordinating with the GC process. The issue arises when a socket is closed but can still be received via another socket, and MSG PEEK is used. The GC thread may incorrectly determine that both sockets are dead, leading to data loss or unexpected behavior. The problem was previously addressed but reintroduced due to changes in the GC algorithm. A solution involves using a sequence count to signal the race condition during MSG PEEK to the GC, allowing it to defer SCC processing to the next run, avoiding the need for locking on the MSG PEEK side.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.