CVE-2026-23179

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()

When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_listen_data_ready() with the sk_callback_lock held. So we need to check if we are in TCP_LISTEN before attempting to get the sk_callback_lock() to avoid a deadlock.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux675b453e024154dd547921c6e6d5b58747ba7e0e < 6e0c7503a5803d568d56a9f9bca662cd94a14908affected
LinuxLinux675b453e024154dd547921c6e6d5b58747ba7e0e < 1c90f930e7b410dd2d75a2a19a85e19c64e98ad5affected
LinuxLinux675b453e024154dd547921c6e6d5b58747ba7e0e < 2fa8961d3a6a1c2395d8d560ffed2c782681badeaffected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.12.70 <= 6.12.*unaffected
LinuxLinux6.18.10 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References