CVE-2026-23302

MEDIUMNVD 4.74.7
EchelonGraph scoreMEDIUM confidence

Score 4.7 from GitHub Security Advisory published 2026-03-25. NVD baseline CVSS 4.7; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
4.7
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 4.7Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

net: annotate data-races around sk->sk_{data_ready,write_space}

skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently.

Add corresponding READ_ONCE()/WRITE_ONCE() annotations for UDP, TCP and AF_UNIX.

CVSS v3
4.7
EG Score
4.7(medium)
EPSS
0.5%
KEV
Not listed

Published

March 25, 2026

Last Modified

July 4, 2026

Advisory Details (6)

Auto-updated Jul 4, 2026
No patch confirmed yet.
generic

net: annotate data-races around sk->sk_{data_ready,write_space} - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5
generic

net: annotate data-races around sk->sk_{data_ready,write_space} - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c494448bb522bbbb63096540eb2319101a0480ab
generic

net: annotate data-races around sk->sk_{data_ready,write_space} - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/7ad01905831c815520f1b0486336a03bb7420465
generic

net: annotate data-races around sk->sk_{data_ready,write_space} - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/2ef2b20cf4e04ac8a6ba68493f8780776ff84300
generic

net: annotate data-races around sk->sk_{data_ready,write_space} - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/27fccdbcbbfc4651b6f66756e6fa3f52e051ec23
generic

net: annotate data-races around sk->sk_{data_ready,write_space} - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/279f2b67d1c44ee139bd3fdb221850daa9358449

Vendor Advisories for CVE-2026-23302(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Patch Availability(1)

Vendor / EcosystemFixed in / PatchReleasedSource
linuxKernel @ 6.18.17osv

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Frequently asked(5)

What is CVE-2026-23302?
CVE-2026-23302 is a medium vulnerability published on March 25, 2026. In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk{dataready,write_space} skmsg (and probably other layers) are changing these pointers while other cpus might read them concurrently. Add corresponding READONCE()/WRITEONCE() annotations for…
When was CVE-2026-23302 disclosed?
CVE-2026-23302 was first published in the National Vulnerability Database on March 25, 2026, with the most recent update on July 4, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-23302 actively exploited?
CVE-2026-23302 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 0.5% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-23302?
CVE-2026-23302 has a CVSS v3 base score of 4.7 (NVD).
How do I remediate CVE-2026-23302?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-23302, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-23302

Explore →

Is Your Infrastructure Affected by CVE-2026-23302?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.