CVE-2026-23302
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk1th percentile - higher than 1% of all known CVEs
Summary
A data race vulnerability was found in the Linux kernel around the sk->sk_data_ready and sk->sk_write_space pointers. The skmsg layer (and possibly others) modifies these pointers while other CPUs may read them concurrently, leading to undefined behavior.
Risk Assessment
The risk involves potential data corruption or incorrect network behavior in multi-core systems, which could lead to application crashes or compromise network communication integrity.
Recommendation
Immediately update the Linux kernel to a version containing the fix with READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP, and AF_UNIX.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.

