Race condition within a thread in Linux kernel - CVE-2026-23120
Published: February 16, 2026
Vulnerability identifier: #VU122936
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23120
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the l2tp_tunnel_del_work() function in net/l2tp/l2tp_core.c. A local user can corrupt data.
How to mitigate CVE-2026-23120
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/1f63ca44b4f419a1663d94d1bb0b4e2beb73fdb4
- https://git.kernel.org/stable/c/32d417497b79efb403d75f4c185fe6fd9d64b94f
- https://git.kernel.org/stable/c/36c40a80109f1771d59558050b1a71e13c60c759
- https://git.kernel.org/stable/c/3d6d414b214ce31659bded2f8df50c93a3769474
- https://git.kernel.org/stable/c/68e92085427c84e7679ddb53c0d68836d220b6e7
- https://git.kernel.org/stable/c/7a29f6bf60f2590fe5e9c4decb451e19afad2bcf
- https://git.kernel.org/stable/c/eae074dab764ea181bbed5e88626889319177498