PT-2026-30033 · Linux · Linux Kernel

Syzbot

Published

2026-04-03

Updated

2026-04-20

CVE-2026-23419

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a circular locking dependency within the rds tcp tune() function. The sk net refcnt upgrade() function is called while holding the socket lock, leading to a circular dependency with fs reclaim() due to memory allocation performed during the socket lock's critical section. This issue was reported by syzbot. The fix involves moving the sk net refcnt upgrade() call outside the socket lock critical section, as the modified fields are not concurrently accessed at that point.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

CVE-2026-23419

ECHO-58D1-25B9-926E

OPENSUSE-SU-2026:20572-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21237-1

SUSE-SU-2026:21255-1

Affected Products

Linux Kernel

PT-2026-30033 · Linux · Linux Kernel

CVE-2026-23419

Weakness Enumeration

Related Identifiers

Affected Products

References · 205