PT-2026-24263 · Linux · Linux Kernel

Published: 2026-01-01 · Updated: 2026-05-26 · CVE-2026-23240

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a race condition within the tls_sw_cancel_work_tx() function related to Transport Layer Security (TLS). A code audit identified that after cancel_delayed_work_sync() is called from tls_sk_proto_close(), the tx_work_handler() could still be scheduled through paths like the Delayed ACK handler or ksoftirqd. This could lead to the tx_work_handler() worker attempting to dereference a freed TLS object. The issue occurs due to a race condition between CPU0 and CPU1, where CPU0 calls tls_sk_proto_close() and tls_sw_cancel_work_tx(), while CPU1 schedules tx_work_handler() via tls_write_space() and tls_sw_write_space(). To address this, cancel_delayed_work_sync() has been replaced with disable_delayed_work_sync().

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
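
The difference between the two calls named in the description, as an added userspace model that is not kernel code and not part of the original advisory. The model_* names and the struct are assumptions made for illustration; the model replays one interleaving of the CPU0 and CPU1 paths and reports whether the handler is still queued once the TLS context is gone.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model of a delayed work item; not kernel code. */
struct model_dwork {
    bool pending;  /* queued: the handler will run later */
    int disabled;  /* disable depth: > 0 refuses new queueing */
};

/* Models schedule_delayed_work(): true if the work was newly queued. */
static bool model_schedule(struct model_dwork *w)
{
    if (w->disabled > 0 || w->pending)
        return false;
    w->pending = true;
    return true;
}

/* Models cancel_delayed_work_sync(): drops a pending item, nothing more. */
static void model_cancel_sync(struct model_dwork *w) { w->pending = false; }

/* Models disable_delayed_work_sync(): cancels and blocks later queueing. */
static void model_disable_sync(struct model_dwork *w)
{
    w->pending = false;
    w->disabled++;
}

/* Replays one interleaving; true means the handler is still queued
 * when the TLS context has been freed (the use-after-free window). */
bool handler_pending_after_free(bool use_disable)
{
    struct model_dwork tx_work = { .pending = true, .disabled = 0 };

    /* CPU0: tls_sk_proto_close() -> tls_sw_cancel_work_tx() */
    if (use_disable)
        model_disable_sync(&tx_work);
    else
        model_cancel_sync(&tx_work);
    /* CPU1: tls_write_space() -> tls_sw_write_space() schedules tx work */
    model_schedule(&tx_work);
    /* CPU0: close continues and frees the TLS context here */
    return tx_work.pending;
}

int main(void)
{
    printf("cancel:  pending after free = %d\n", handler_pending_after_free(false));
    printf("disable: pending after free = %d\n", handler_pending_after_free(true));
    return 0;
}
```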

Exploit

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2026-23240
ECHO-D742-2DD2-8879
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
OPENSUSE-SU-2026:10387-1
OPENSUSE-SU-2026:20572-1
SUSE-SU-2026:2111-1
SUSE-SU-2026:21237-1
SUSE-SU-2026:21352-1
SUSE-SU-2026:21361-1
SUSE-SU-2026:21876-1
SUSE-SU-2026:21877-1
SUSE-SU-2026:21916-1
SUSE-SU-2026:21919-1
SUSE-SU-2026:2195-1
SUSE-SU-2026:2202-1
SUSE-SU-2026:2215-1
SUSE-SU-2026:2216-1
SUSE-SU-2026:2217-1
SUSE-SU-2026:2238-1

Affected Products

Linux Kernel