#VU124896 Race condition in Linux kernel - CVE-2026-23473

 

Published: April 6, 2026


Vulnerability identifier: #VU124896
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23473
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper handling of a wakeup race in io_uring multishot recv polling when processing socket wakeups and shutdown state changes. A local user can trigger back-to-back socket send and shutdown events to cause a denial of service.

The issue can cause the multishot recv operation to hang indefinitely because the shutdown event may be lost and no further wakeups occur.


Remediation

Install the security update from the vendor's repository.

External links