HOMEVULNERABILITIESCVE-2026-23441
NONE

CVE-2026-23441

Published: April 3, 2026· Updated: Apr 7, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.6th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Prevent concurrent access to IPSec ASO context

The query or updating IPSec offload object is through Access ASO WQE.

The driver uses a single mlx5e_ipsec_aso struct for each PF, which

contains a shared DMA-mapped context for all ASO operations.

A race condition exists because the ASO spinlock is released before

the hardware has finished processing WQE. If a second operation is

initiated immediately after, it overwrites the shared context in the

DMA area.

When the first operation's completion is processed later, it reads

this corrupted context, leading to unexpected behavior and incorrect

results.

This commit fixes the race by introducing a private context within

each IPSec offload object. The shared ASO context is now copied to

this private context while the ASO spinlock is held. Subsequent

processing uses this saved, per-object context, ensuring its integrity

is maintained.

NVD Source

Technical Analysis

CVE-2026-23441 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (5)

Quick Facts

CVE IDCVE-2026-23441
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedApr 3, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23441 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.