CVE-2026-23473

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> io_uring/poll: fix multishot recv missing EOF on wakeup race<br /> <br /> When a socket send and shutdown() happen back-to-back, both fire<br /> wake-ups before the receiver&amp;#39;s task_work has a chance to run. The first<br /> wake gets poll ownership (poll_refs=1), and the second bumps it to 2.<br /> When io_poll_check_events() runs, it calls io_poll_issue() which does a<br /> recv that reads the data and returns IOU_RETRY. The loop then drains all<br /> accumulated refs (atomic_sub_return(2) -&gt; 0) and exits, even though only<br /> the first event was consumed. Since the shutdown is a persistent state<br /> change, no further wakeups will happen, and the multishot recv can hang<br /> forever.<br /> <br /> Check specifically for HUP in the poll loop, and ensure that another<br /> loop is done to check for status if more than a single poll activation<br /> is pending. This ensures we don&amp;#39;t lose the shutdown event.