CVE-2026-23212
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: annotate data-races around slave->last_rx
slave->last_rx and slave->target_last_arp_rx[…] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotations.
syzbot reported:
BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate
write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 …
write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 br_netif_receive_skb net/bridge/br_input.c:30 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] …
value changed: 0x0000000100005365 -> 0x0000000100005366
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f5b2b966f032f22d3a289045a5afd4afa09f09c6 < a7516cb0165926d308187e231ccd330e5e3ebff7 | affected |
| Linux | Linux | f5b2b966f032f22d3a289045a5afd4afa09f09c6 < 8c0be3277e7aefb2f900fc37ca3fe7df362e26f5 | affected |
| Linux | Linux | f5b2b966f032f22d3a289045a5afd4afa09f09c6 < b956289b83887e0a306067b6003c3fcd81bfdf84 | affected |
| Linux | Linux | f5b2b966f032f22d3a289045a5afd4afa09f09c6 < bd98324e327e41de04b13e372cc16f73150df254 | affected |
| Linux | Linux | f5b2b966f032f22d3a289045a5afd4afa09f09c6 < f6c3665b6dc53c3ab7d31b585446a953a74340ef | affected |
| Linux | Linux | 2.6.19 | affected |
| Linux | Linux | 0 < 2.6.19 | unaffected |
| Linux | Linux | 6.1.162 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.123 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.69 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.9 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7
- https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5
- https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84
- https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254
- https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.