CVE-2023-54306: In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbo
Summary
A vulnerability in the Linux kernel's TLS (Transport Layer Security, a protocol that encrypts network traffic) implementation could cause threads to hang indefinitely on a lock called tx_lock. An adversarial receiver could keep the RWIN (receive window, which controls how much data can be sent) at 0 for extended periods, preventing a thread holding tx_lock from making progress and potentially blocking it for hours.
Solution / Mitigation
Use interruptible sleep where possible and reschedule the work if it can't take the lock. The fix has been applied in multiple kernel commits available at kernel.org (commit hashes: 1f800f6aae57d2d8f63d32fff383017cbc11cf65, 7123a4337bf73132bbfb5437e4dc83ba864a9a1e, bde541a57b4204d0a800afbbd3d1c06c9cdb133f, be5d5d0637fd88c18ee76024bdb22649a1de00d6, ccf1ccdc5926907befbe880b562b2a4b5f44c087, and f3221361dc85d4de22586ce8441ec2c67b454f5d).
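The second half of that mitigation (reschedule the work instead of waiting for the lock) can be modelled in userspace. The following is an added example, not the kernel patch or code from the original page: `tx_ctx`, `tx_work_handler` and `simulate` are hypothetical names, and a C11 `atomic_flag` stands in for the kernel mutex.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; every name here is illustrative, not a kernel symbol. */
struct tx_ctx {
    atomic_flag tx_lock;   /* stands in for the kernel's tx_lock mutex */
    atomic_bool scheduled; /* true while the work is queued for a retry */
    int pending;           /* records waiting to be pushed out */
    int sent;              /* records pushed so far */
};
enum work_result { WORK_DONE, WORK_RESCHEDULED };

static bool tx_trylock(struct tx_ctx *c) { return !atomic_flag_test_and_set(&c->tx_lock); }
static void tx_unlock(struct tx_ctx *c) { atomic_flag_clear(&c->tx_lock); }

/* Deferred transmit work: never waits for tx_lock. If the holder is stalled
 * (for example on a zero receive window), mark the work for a later retry. */
static enum work_result tx_work_handler(struct tx_ctx *c)
{
    atomic_store(&c->scheduled, false);
    if (!tx_trylock(c)) {
        atomic_store(&c->scheduled, true);
        return WORK_RESCHEDULED;
    }
    c->sent += c->pending;
    c->pending = 0;
    tx_unlock(c);
    return WORK_DONE;
}

/* A sender holds tx_lock for stalled_ticks ticks while the worker runs once
 * per tick. Returns the number of reschedules, or -1 if the lock was busy. */
static int simulate(struct tx_ctx *c, int stalled_ticks)
{
    if (!tx_trylock(c))
        return -1;
    for (int tick = 0, held = 1; ; tick++) {
        if (held && tick >= stalled_ticks) { tx_unlock(c); held = 0; }
        if (tx_work_handler(c) == WORK_DONE)
            return tick;
    }
}

int main(void)
{
    struct tx_ctx c = { .tx_lock = ATOMIC_FLAG_INIT, .pending = 5 };
    int n = simulate(&c, 3);
    printf("reschedules=%d sent=%d\n", n, c.sent);
}
```

Each worker invocation returns immediately whether or not the lock is free, so a lock holder that stalls for a long time delays transmission but does not pin the worker thread.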
Vulnerability Details
EPSS: 0.0%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-54306
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%