{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23179", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.984Z", "datePublished": "2026-02-14T16:27:10.778Z", "dateUpdated": "2026-05-11T22:01:51.043Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:01:51.043Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()\n\nWhen the socket is closed while in TCP_LISTEN a callback is run to\nflush all outstanding packets, which in turns calls\nnvmet_tcp_listen_data_ready() with the sk_callback_lock held.\nSo we need to check if we are in TCP_LISTEN before attempting\nto get the sk_callback_lock() to avoid a deadlock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/target/tcp.c"], "versions": [{"version": "675b453e024154dd547921c6e6d5b58747ba7e0e", "lessThan": "6e0c7503a5803d568d56a9f9bca662cd94a14908", "status": "affected", "versionType": "git"}, {"version": "675b453e024154dd547921c6e6d5b58747ba7e0e", "lessThan": "1c90f930e7b410dd2d75a2a19a85e19c64e98ad5", "status": "affected", "versionType": "git"}, {"version": "675b453e024154dd547921c6e6d5b58747ba7e0e", "lessThan": "2fa8961d3a6a1c2395d8d560ffed2c782681bade", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/target/tcp.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.70", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6e0c7503a5803d568d56a9f9bca662cd94a14908"}, {"url": "https://git.kernel.org/stable/c/1c90f930e7b410dd2d75a2a19a85e19c64e98ad5"}, {"url": "https://git.kernel.org/stable/c/2fa8961d3a6a1c2395d8d560ffed2c782681bade"}], "title": "nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()\n\nWhen the socket is closed while in TCP_LISTEN a callback is run to\nflush all outstanding packets, which in turns calls\nnvmet_tcp_listen_data_ready() with the sk_callback_lock held.\nSo we need to check if we are in TCP_LISTEN before attempting\nto get the sk_callback_lock() to avoid a deadlock."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnvmet-tcp: corregir cuelgue en nvmet_tcp_listen_data_ready()\n\nCuando el socket se cierra mientras est\u00e1 en TCP_LISTEN, se ejecuta una devoluci\u00f3n de llamada para vaciar todos los paquetes pendientes, lo que a su vez llama a nvmet_tcp_listen_data_ready() con el sk_callback_lock retenido. As\u00ed que necesitamos verificar si estamos en TCP_LISTEN antes de intentar obtener el sk_callback_lock() para evitar un interbloqueo."}], "id": "CVE-2026-23179", "lastModified": "2026-04-15T14:34:27.800", "metrics": {}, "published": "2026-02-14T17:15:55.643", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1c90f930e7b410dd2d75a2a19a85e19c64e98ad5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2fa8961d3a6a1c2395d8d560ffed2c782681bade"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6e0c7503a5803d568d56a9f9bca662cd94a14908"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()", "id": "2439952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439952"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()\nWhen the socket is closed while in TCP_LISTEN a callback is run to\nflush all outstanding packets, which in turns calls\nnvmet_tcp_listen_data_ready() with the sk_callback_lock held.\nSo we need to check if we are in TCP_LISTEN before attempting\nto get the sk_callback_lock() to avoid a deadlock."], "name": "CVE-2026-23179", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23179\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23179\nhttps://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23179-6ff7@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f532b29b0e313f42b964014038b0f52899b240ec)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,6e0c7503a5803d568d56a9f9bca662cd94a14908)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,1c90f930e7b410dd2d75a2a19a85e19c64e98ad5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2fa8961d3a6a1c2395d8d560ffed2c782681bade)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.124,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.70,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.10,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T12:15:43.564302+00:00", "value": {"mitigation_remediation": ["Apply the latest kernel update that includes the nvmet_tcp_listen_data_ready patch", "If an immediate kernel update is not possible, restart the affected system or the nvmet\u2011tcp service once the patch is applied to clear the deadlock state", "Update any firmware or drivers that interact with nvme\u2011over\u2011fabrics to ensure compatibility with the patched kernel"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service due to kernel deadlock"}, "threat_synthesis": {"affected_systems": "Any Linux kernel that has not incorporated the recent patch committing the fix to nvmet_tcp_listen_data_ready. The vulnerability resides in the core kernel code that implements NVMe\u2011over\u2011Fabrics over TCP, so it potentially affects all distributions that ship with an unpatched kernel image for that feature.", "description_and_impact": "The kernel contains a deadlock condition in the nvmet-tcp subsystem triggered when a socket in the TCP_LISTEN state is closed. During the cleanup callback the code attempts to reacquire the sk_callback_lock, which is already held, leading to a stall of the network stack. The resulting hang can prevent new connections from being accepted and may degrade or crash the kernel, effectively creating a denial\u2011of\u2011service scenario for any host relying on NVMe traffic over TCP. The flaw is a concurrency bug that corrupts the lock ordering logic of the network stack.", "risk_and_exploitability": "The CVSS score of 7.0 places this as a high\u2011severity issue. Its EPSS rate is under 1\u202f%, indicating that, at the time of analysis, exploitation by attackers is considered unlikely, and the feature is not listed in the CISA KEV catalog. An attacker would need either local or privileged access to trigger the problematic socket closure, or have control over the NVMe over TCP interface to force the state transition. Because the bug results in a deadlock rather than a crash, remediation via an upgrade is recommended rather than attempting runtime mitigation."}}}}, "created": "2026-02-16T09:43:58.316578+00:00", "updated": "2026-04-18T12:30:45.445516+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-759"]}