CVE-2023-54306
Published Dec 30, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took tx_lock and went to sleep may not release tx_lock for hours. Use interruptible sleep where possible and reschedule the work if it can't take the lock. Testing: existing selftest passes
Is your site exposed to CVE-2023-54306?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/1f800f6aae57d2d8f63d32fff383017cbc11cf65
https://git.kernel.org/stable/c/7123a4337bf73132bbfb5437e4dc83ba864a9a1e
https://git.kernel.org/stable/c/bde541a57b4204d0a800afbbd3d1c06c9cdb133f
https://git.kernel.org/stable/c/be5d5d0637fd88c18ee76024bdb22649a1de00d6
https://git.kernel.org/stable/c/ccf1ccdc5926907befbe880b562b2a4b5f44c087
https://git.kernel.org/stable/c/f3221361dc85d4de22586ce8441ec2c67b454f5d
Frequently Asked Questions
What is CVE-2023-54306? +
In the Linux kernel, the following vulnerability has been resolved:
net: tls: avoid hanging tasks on the tx_lock
syzbot sent a hung task report and Eric explains that adversarial
receiver may keep RWIN at 0 for a long time, so we are not guaranteed
to make forward progress. Thread which took tx_lock and went to sleep
may not release tx_lock for hours. Use interruptible sleep where
possible and reschedule the work if it can't take the lock.
Testing: existing selftest passes
How do I check if I'm vulnerable to CVE-2023-54306? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.