CVE-2026-23106Missing Synchronization in Linux

CWE-820Missing Synchronization7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated. When called on an auxiliary timekeeper, the core timekeeper would be updated incorrectly. This gets caught by the lock debugging diagnostics because the timekeepers sequence lock gets written to without holding its associated spinlock: WA

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.176.18.8+1
Debianlinux/linux_kernel< 6.18.8-1
CVEListV5linux/linux775f71ebedd382da390dc16a4c28cffa5b937f798f7c9dbeaa0be5810e44d323735967d3dba9239d+2

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2026-23106: In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_2026-02-04
GHSA
GHSA-gx3f-mw8m-6ff3: In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __d2026-02-04
CVEList
timekeeping: Adjust the leap state for the correct auxiliary timekeeper2026-02-04

📋Vendor Advisories

2
Red Hat
kernel: timekeeping: Adjust the leap state for the correct auxiliary timekeeper2026-02-04
Debian
CVE-2026-23106: linux - In the Linux kernel, the following vulnerability has been resolved: timekeeping...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23106 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23106 — Missing Synchronization in Linux | cvebase