CVE-2026-23179 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_listen_data_ready() with the sk_callback_lock held. So we need to check if we are in TCP_LISTEN before attempting to get the sk_callback_lock() to avoid a deadlock.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1c90f930e7b410dd2d75a2a19a85e19c64e98ad5
https://git.kernel.org/stable/c/2fa8961d3a6a1c2395d8d560ffed2c782681bade
https://git.kernel.org/stable/c/6e0c7503a5803d568d56a9f9bca662cd94a14908
https://git.kernel.org/stable/c/f532b29b0e313f42b964014038b0f52899b240ec

History

Sat, 14 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush all outstanding packets, which in turns calls nvmet_tcp_listen_data_ready() with the sk_callback_lock held. So we need to check if we are in TCP_LISTEN before attempting to get the sk_callback_lock() to avoid a deadlock.
Title		nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1c90f930e7b410dd2d75a2a19a85e19c64e98ad5 https://git.kernel.org/stable/c/2fa8961d3a6a1c2395d8d560ffed2c782681bade https://git.kernel.org/stable/c/6e0c7503a5803d568d56a9f9bca662cd94a14908 https://git.kernel.org/stable/c/f532b29b0e313f42b964014038b0f52899b240ec

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T16:27:10.778Z

Updated: 2026-02-14T16:27:10.778Z

Reserved: 2026-01-13T15:37:45.984Z

Link: CVE-2026-23179

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-14T17:15:55.643

Modified: 2026-02-14T17:15:55.643

Link: CVE-2026-23179

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23179", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.984Z", "datePublished": "2026-02-14T16:27:10.778Z", "dateUpdated": "2026-02-14T16:27:10.778Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-02-14T16:27:10.778Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()\n\nWhen the socket is closed while in TCP_LISTEN a callback is run to\nflush all outstanding packets, which in turns calls\nnvmet_tcp_listen_data_ready() with the sk_callback_lock held.\nSo we need to check if we are in TCP_LISTEN before attempting\nto get the sk_callback_lock() to avoid a deadlock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/target/tcp.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f532b29b0e313f42b964014038b0f52899b240ec", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "6e0c7503a5803d568d56a9f9bca662cd94a14908", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "1c90f930e7b410dd2d75a2a19a85e19c64e98ad5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2fa8961d3a6a1c2395d8d560ffed2c782681bade", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/target/tcp.c"], "versions": [{"version": "6.6.124", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.70", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f532b29b0e313f42b964014038b0f52899b240ec"}, {"url": "https://git.kernel.org/stable/c/6e0c7503a5803d568d56a9f9bca662cd94a14908"}, {"url": "https://git.kernel.org/stable/c/1c90f930e7b410dd2d75a2a19a85e19c64e98ad5"}, {"url": "https://git.kernel.org/stable/c/2fa8961d3a6a1c2395d8d560ffed2c782681bade"}], "title": "nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()", "x_generator": {"engine": "bippy-1.2.0"}}}}