DEBIAN-CVE-2026-23240
In the Linux kernel, the following vulnerability has been resolved:

tls: Fix race condition in tls_sw_cancel_work_tx()

This issue was discovered during a code audit.

After cancel_delayed_work_sync() is called from tls_sk_proto_close(), tx_work_handler() can still be scheduled from paths such as the Delayed ACK handler or ksoftirqd. As a result, the tx_work_handler() worker may dereference a freed TLS object.

The following is a simple race scenario:

    cpu0                                  cpu1

    tls_sk_proto_close()
      tls_sw_cancel_work_tx()
                                          tls_write_space()
                                            tls_sw_write_space()
                                              if (!test_and_set_bit(BIT_TX_SCHEDULED, &tx_ctx->tx_bitmask))
        set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask);
        cancel_delayed_work_sync(&ctx->tx_work.work);
                                              schedule_delayed_work(&tx_ctx->tx_work.work, 0);

To prevent this race condition, cancel_delayed_work_sync() is replaced with disable_delayed_work_sync().
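The interleaving above, replayed deterministically in a single-threaded userspace model, shows why cancelling leaves the work queueable while disabling does not. This is an added example, not kernel code or part of the advisory; every `model_*` name, `replay_race()` and the bit index are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

enum { BIT_TX_SCHEDULED = 0 }; /* bit index chosen for this model */

/* Userspace stand-in for a delayed work item (hypothetical model). */
struct model_work {
    bool pending;       /* queued: the handler will run later */
    int disable_depth;  /* > 0: queueing attempts are rejected */
};

static bool model_test_and_set_bit(int nr, unsigned long *mask)
{
    bool old = (*mask >> nr) & 1UL;
    *mask |= 1UL << nr;
    return old;
}

/* Queue the work unless it has been disabled. */
static void model_schedule(struct model_work *w)
{
    if (w->disable_depth == 0)
        w->pending = true;
}

/* Cancel drops a pending item; queueing is allowed again afterwards. */
static void model_cancel_sync(struct model_work *w) { w->pending = false; }
/* Disable drops a pending item and rejects every later queueing attempt. */
static void model_disable_sync(struct model_work *w) { w->disable_depth++; w->pending = false; }

/* Replays the interleaving; true means the handler runs after close. */
bool replay_race(bool use_disable)
{
    unsigned long tx_bitmask = 0;
    struct model_work tx_work = { false, 0 };
    /* cpu1: tls_sw_write_space() passes the bit test first */
    bool cpu1_schedules = !model_test_and_set_bit(BIT_TX_SCHEDULED, &tx_bitmask);
    /* cpu0: tls_sw_cancel_work_tx() sets the bit, then stops the work */
    tx_bitmask |= 1UL << BIT_TX_SCHEDULED;
    (use_disable ? model_disable_sync : model_cancel_sync)(&tx_work);
    if (cpu1_schedules) /* cpu1: only now reaches schedule_delayed_work() */
        model_schedule(&tx_work);
    return tx_work.pending; /* pending work would touch the freed context */
}

int main(void)
{
    printf("cancel: %d disable: %d\n", replay_race(false), replay_race(true));
}
```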
References
https://security-tracker.debian.org/tracker/CVE-2026-23240
