CVE-2026-23212

Summary

In the Linux kernel, the following vulnerability has been resolved:

bonding: annotate data-races around slave->last_rx

slave->last_rx and slave->target_last_arp_rx[…] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotations.

syzbot reported:

BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate

write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 …

write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 br_netif_receive_skb net/bridge/br_input.c:30 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] …

value changed: 0x0000000100005365 -> 0x0000000100005366

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf5b2b966f032f22d3a289045a5afd4afa09f09c6 < a7516cb0165926d308187e231ccd330e5e3ebff7affected
LinuxLinuxf5b2b966f032f22d3a289045a5afd4afa09f09c6 < 8c0be3277e7aefb2f900fc37ca3fe7df362e26f5affected
LinuxLinuxf5b2b966f032f22d3a289045a5afd4afa09f09c6 < b956289b83887e0a306067b6003c3fcd81bfdf84affected
LinuxLinuxf5b2b966f032f22d3a289045a5afd4afa09f09c6 < bd98324e327e41de04b13e372cc16f73150df254affected
LinuxLinuxf5b2b966f032f22d3a289045a5afd4afa09f09c6 < f6c3665b6dc53c3ab7d31b585446a953a74340efaffected
LinuxLinux2.6.19affected
LinuxLinux0 < 2.6.19unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.123 <= 6.6.*unaffected
LinuxLinux6.12.69 <= 6.12.*unaffected
LinuxLinux6.18.9 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References