CVE-2026-23212

MEDIUM EPSS 0.4%
Published Feb 18, 20264mo ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Feb 18, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 ... write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 br_netif_receive_skb net/bridge/br_input.c:30 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] ... value changed: 0x0000000100005365 -> 0x0000000100005366

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
0.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-367

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥2.6.19  –  <6.1.162
linuxlinux_kernel*≥6.2  –  <6.6.123
linuxlinux_kernel*≥6.7  –  <6.12.69
linuxlinux_kernel*≥6.13  –  <6.18.9
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef
    Patch