CVE-2026-23179
Deadlock Vulnerability in Linux nvmet-tcp TCP_LISTEN Handling
Publication date: 2026-02-14
Last updated on: 2026-02-16
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's nvmet-tcp module. It occurs when a socket is closed while in the TCP_LISTEN state. During this process, a callback is triggered to flush all outstanding packets, which calls the function nvmet_tcp_listen_data_ready() while holding the sk_callback_lock. If the code does not check whether it is in TCP_LISTEN before attempting to acquire the sk_callback_lock, it can cause a deadlock.
How can this vulnerability impact me? :
This vulnerability can cause a deadlock in the Linux kernel's networking stack when handling TCP connections in the nvmet-tcp module. A deadlock can lead to the system or affected processes hanging or becoming unresponsive, potentially impacting system stability and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know