CVE-2026-23239

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> espintcp: Fix race condition in espintcp_close()<br /> <br /> This issue was discovered during a code audit.<br /> <br /> After cancel_work_sync() is called from espintcp_close(),<br /> espintcp_tx_work() can still be scheduled from paths such as<br /> the Delayed ACK handler or ksoftirqd.<br /> As a result, the espintcp_tx_work() worker may dereference a<br /> freed espintcp ctx or sk.<br /> <br /> The following is a simple race scenario:<br /> <br /> cpu0 cpu1<br /> <br /> espintcp_close()<br /> cancel_work_sync(&amp;ctx-&gt;work);<br /> espintcp_write_space()<br /> schedule_work(&amp;ctx-&gt;work);<br /> <br /> To prevent this race condition, cancel_work_sync() is<br /> replaced with disable_work_sync().