PT-2026-27758 · Linux · Linux Kernel

Published: 2026-01-01 · Updated: 2026-04-30 · CVE-2026-23393

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

A race condition exists in the bridge component when deleting a peer MEP (Maintenance Engineering Protocol). Specifically, the issue occurs because cancel_delayed_work_sync() was called on ccm_rx_dwork before freeing the memory, but br_cfm_frame_rx() could reschedule ccm_rx_dwork between the cancellation and the memory being freed, leading to a use-after-free condition. The issue was addressed by replacing cancel_delayed_work_sync() with disable_delayed_work_sync() in the peer MEP deletion paths, which silently rejects subsequent attempts to reschedule the work. The cc_peer_disable() helper retains cancel_delayed_work_sync() as it is used in a different context where rescheduling is necessary.
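The difference between the two helpers, replayed as a single-threaded userspace model of the interleaving described above. This is an added example, not code from the kernel or from this advisory; the model_* functions and both structs are hypothetical stand-ins that only mirror the kernel names given in their comments.

```c
/* Constructed userspace model, not kernel code: each model_* function is a
 * simplified stand-in for the kernel helper named in its comment. */
#include <stdbool.h>
#include <stdio.h>

struct dwork_model {
    bool pending;   /* timer armed: the handler will run later */
    int disabled;   /* disable depth: non-zero rejects queueing */
};

struct peer_mep_model {
    struct dwork_model ccm_rx_dwork;
    bool freed;     /* stands in for freeing the peer MEP */
};

/* queue_delayed_work(): refused while the work item is disabled. */
static bool model_queue(struct dwork_model *w)
{
    if (w->disabled)
        return false;
    w->pending = true;
    return true;
}

/* cancel_delayed_work_sync(): drops the pending run, allows re-queueing. */
static void model_cancel_sync(struct dwork_model *w) { w->pending = false; }
/* disable_delayed_work_sync(): drops the pending run and blocks re-queueing. */
static void model_disable_sync(struct dwork_model *w) { w->disabled++; w->pending = false; }

/* Replays the described interleaving: stop the work, a late CCM frame tries to
 * re-arm it, the peer MEP is freed. True means work is pending on freed memory. */
static bool delete_leaves_pending_work(bool use_disable)
{
    struct peer_mep_model peer = { { true, 0 }, false };
    if (use_disable)
        model_disable_sync(&peer.ccm_rx_dwork);
    else
        model_cancel_sync(&peer.ccm_rx_dwork);
    model_queue(&peer.ccm_rx_dwork);    /* br_cfm_frame_rx() racing in */
    peer.freed = true;
    return peer.freed && peer.ccm_rx_dwork.pending;
}

int main(void)
{
    printf("cancel:  pending after free = %d\n", delete_leaves_pending_work(false));
    printf("disable: pending after free = %d\n", delete_leaves_pending_work(true));
    return 0;
}
```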
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2026-23393
ECHO-0610-83E0-00DE
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
OPENSUSE-SU-2026:20572-1
SUSE-SU-2026:2111-1
SUSE-SU-2026:21237-1
SUSE-SU-2026:21352-1
SUSE-SU-2026:21361-1
SUSE-SU-2026:2195-1
SUSE-SU-2026:2202-1
SUSE-SU-2026:2215-1
SUSE-SU-2026:2216-1
SUSE-SU-2026:2217-1

Affected Products

Linux Kernel