Linux Kernel up to 6.18.19/6.19.9/7.0-rc4 shutdown state issue

Summaryinfo

A vulnerability identified as critical has been detected in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4. This issue affects the function shutdown. Performing a manipulation results in state issue. This vulnerability is identified as CVE-2026-23473. There is not any exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.19/6.19.9/7.0-rc4. This affects the function shutdown. The manipulation with an unknown input leads to a state issue vulnerability. CWE is classifying the issue as CWE-371. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: fix multishot recv missing EOF on wakeup race When a socket send and shutdown() happen back-to-back, both fire wake-ups before the receiver's task_work has a chance to run. The first wake gets poll ownership (poll_refs=1), and the second bumps it to 2. When io_poll_check_events() runs, it calls io_poll_issue() which does a recv that reads the data and returns IOU_RETRY. The loop then drains all accumulated refs (atomic_sub_return(2) -> 0) and exits, even though only the first event was consumed. Since the shutdown is a persistent state change, no further wakeups will happen, and the multishot recv can hang forever. Check specifically for HUP in the poll loop, and ensure that another loop is done to check for status if more than a single poll activation is pending. This ensures we don't lose the shutdown event.

The advisory is shared at git.kernel.org. This vulnerability is uniquely identified as CVE-2026-23473 since 01/13/2026. The exploitability is told to be difficult. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/03/2026).

Upgrading to version 6.18.20, 6.19.10 or 7.0-rc5 eliminates this vulnerability. Applying the patch 0f4ce79b8db7b040373fc664c8bc6c5fd74bd196/bf33554b6abf7e7faeadd8af1b82037ea755a6bb/a68ed2df72131447d131531a08fe4dfcf4fa4653 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.18.0
• 6.18.1
• 6.18.2
• 6.18.3
• 6.18.4
• 6.18.5
• 6.18.6
• 6.18.7
• 6.18.8
• 6.18.9
• 6.18.10
• 6.18.11
• 6.18.12
• 6.18.13
• 6.18.14
• 6.18.15
• 6.18.16
• 6.18.17
• 6.18.18
• 6.18.19
• 6.19.0
• 6.19.1
• 6.19.2
• 6.19.3
• 6.19.4
• 6.19.5
• 6.19.6
• 6.19.7
• 6.19.8
• 6.19.9
• 7.0-rc1
• 7.0-rc2
• 7.0-rc3
• 7.0-rc4

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion