Back to CVE List

CVE-2026-23372

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: rawsock: cancel tx_work before socket teardown

In rawsock_release(), cancel any pending tx_work and purge the write
queue before orphaning the socket. rawsock_tx_work runs on the system
workqueue and calls nfc_data_exchange which dereferences the NCI
device. Without synchronization, tx_work can race with socket and
device teardown when a process is killed (e.g. by SIGKILL), leading
to use-after-free or leaked references.

Set SEND_SHUTDOWN first so that if tx_work is already running it will
see the flag and skip transmitting, then use cancel_work_sync to wait
for any in-progress execution to finish, and finally purge any
remaining queued skbs.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Linux
Product
Linux

External References

Discussion (0)

Add Comment

No comments yet. Be the first!