Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-43216
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-06 May, 2026 | 11:28
Updated At-11 May, 2026 | 22:20
Rejected At-
▼CVE Numbering Authority (CNA)
net: Drop the lock in skb_may_tx_timestamp()

In the Linux kernel, the following vulnerability has been resolved: net: Drop the lock in skb_may_tx_timestamp() skb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must not be taken in IRQ context, only softirq is okay. A few drivers receive the timestamp via a dedicated interrupt and complete the TX timestamp from that handler. This will lead to a deadlock if the lock is already write-locked on the same CPU. Taking the lock can be avoided. The socket (pointed by the skb) will remain valid until the skb is released. The ->sk_socket and ->file member will be set to NULL once the user closes the socket which may happen before the timestamp arrives. If we happen to observe the pointer while the socket is closing but before the pointer is set to NULL then we may use it because both pointer (and the file's cred member) are RCU freed. Drop the lock. Use READ_ONCE() to obtain the individual pointer. Add a matching WRITE_ONCE() where the pointer are cleared.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/sock.h
  • net/core/skbuff.c
  • net/socket.c
Default Status
unaffected
Versions
Affected
  • From b245be1f4db1a0394e4b6eb66059814b46670ac3 before f3e4cceafad27c9363c33622732f86722846ec6f (git)
  • From b245be1f4db1a0394e4b6eb66059814b46670ac3 before e4c6efb3b70ff87f1df99efce2f8893717695718 (git)
  • From b245be1f4db1a0394e4b6eb66059814b46670ac3 before 983512f3a87fd8dc4c94dfa6b596b6e57df5aad7 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/sock.h
  • net/core/skbuff.c
  • net/socket.c
Default Status
affected
Versions
Affected
  • 4.0
Unaffected
  • From 0 before 4.0 (semver)
  • From 6.18.16 through 6.18.* (semver)
  • From 6.19.6 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/f3e4cceafad27c9363c33622732f86722846ec6f
N/A
https://git.kernel.org/stable/c/e4c6efb3b70ff87f1df99efce2f8893717695718
N/A
https://git.kernel.org/stable/c/983512f3a87fd8dc4c94dfa6b596b6e57df5aad7
N/A
Hyperlink: https://git.kernel.org/stable/c/f3e4cceafad27c9363c33622732f86722846ec6f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/e4c6efb3b70ff87f1df99efce2f8893717695718
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/983512f3a87fd8dc4c94dfa6b596b6e57df5aad7
Resource: N/A
Details not found