CVE-2026-45918

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the OpenVPN implementation within the Linux kernel. When a peer is deleted due to keepalive expiration, it is moved to a release list for processing via the ovpn peer keepalive work() and unlock ovpn(release list) functions. This process involves detaching from the socket by restoring original protocol and socket operations. If userspace closes the socket while the peer is in the release list, the tcp close(), tcp close(), sock orphan(), and sk set socket(sk, NULL) functions are executed concurrently, setting the sk socket member to NULL. Subsequently, the ovpn tcp socket detach() function attempts to dereference the NULL sk socket to restore its original operations, leading to a system crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.