CVE-2026-23106

Summary

In the Linux kernel, the following vulnerability has been resolved:

timekeeping: Adjust the leap state for the correct auxiliary timekeeper

When __do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated. When called on an auxiliary timekeeper, the core timekeeper would be updated incorrectly.

This gets caught by the lock debugging diagnostics because the timekeepers sequence lock gets written to without holding its associated spinlock:

WARNING: include/linux/seqlock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125 aux_clock_adj (kernel/time/timekeeping.c:2979) __do_sys_clock_adjtime (kernel/time/posix-timers.c:1161 kernel/time/posix-timers.c:1173) do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)

Update the correct auxiliary timekeeper.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux775f71ebedd382da390dc16a4c28cffa5b937f79 < 8f7c9dbeaa0be5810e44d323735967d3dba9239daffected
LinuxLinux775f71ebedd382da390dc16a4c28cffa5b937f79 < e806f7dde8ba28bc72a7a0898589cac79f6362acaffected
LinuxLinux6.17affected
LinuxLinux0 < 6.17unaffected
LinuxLinux6.18.8 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References