CVE-2026-23440

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the handling of IPSec ESN (Extended Sequence Number) wrap events in the mlx5e driver when operating in IPSec full offload mode. After validating an ESN event, the driver calls mlx5 accel esp modify xfrm() to update the kernel's xfrm state, which temporarily releases and re-acquires the xfrm state lock. This creates a window where a duplicate ESN update could be processed. Processing the event twice causes incorrect incrementing of the ESN high-order bits (esn msb), leading to anti-replay failures and a complete halt of IPSec traffic. The fix involves re-arming the ESN event immediately after validation, before calling mlx5 accel esp modify xfrm(), to ensure duplicate events are ignored.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.