Description
In the Linux kernel, the following vulnerability has been resolved:

net: annotate data-races around sk->sk_{data_ready,write_space}

skmsg (and probably other layers) are changing these pointers
while other cpus might read them concurrently.

Add corresponding READ_ONCE()/WRITE_ONCE() annotations
for UDP, TCP and AF_UNIX.
Published: 2026-03-25
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Potential Data Corruption
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a race condition in the Linux kernel's networking stack that allows concurrent reads and writes of the socket state pointers sk->sk_data_ready and sk->sk_write_space. This can lead to undefined kernel behaviour, including packet loss, crashes, or malformed socket state. The description indicates that the fix introduces READ_ONCE/WRITE_ONCE annotations for UDP, TCP and AF_UNIX to prevent the race. The CVSS score of 3.3 reflects a low impact and damage potential limited to kernel stability rather than immediate data exfiltration or privilege escalation.

Affected Systems

All Linux kernel installations that include the affected code paths are affected: essentially any kernel that uses the networking drivers for UDP, TCP or UNIX domain sockets and has not applied the data-race fix. No specific patch versions are listed, so all affected kernels should be upgraded to a version that includes the updated READ_ONCE/WRITE_ONCE annotations.

Risk and Exploitability

The CVSS rating of 3.3 and an EPSS score of less than 1% suggest that exploitation is unlikely in the wild. The vulnerability does not appear in the KEV catalog, and no public exploit has been disclosed. The likely attack vector is a local or privileged user manipulating network traffic to trigger concurrent access to the socket pointers, though the description does not confirm an active exploit path. Mitigation is therefore to apply the patch rather than relying on monitoring.

Generated by OpenCVE AI on March 26, 2026 at 14:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the data‑race fix in net/skmsg and related networking code.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 09:15:00 +0000


Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-366
References
Metrics threat_severity

None

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Low


Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.
Title net: annotate data-races around sk->sk_{data_ready,write_space}
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-18T08:57:48.866Z

Reserved: 2026-01-13T15:37:45.993Z

Link: CVE-2026-23302

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:25.923

Modified: 2026-04-18T09:16:17.943

Link: CVE-2026-23302

Redhat

Severity : Low

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23302 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:50:04Z

Weaknesses