CVE-2026-23115

CWE-362 — Race Condition7 documents7 sources

Severity

4.7MEDIUM

EPSS

0.0%

top 96.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Linux Linux Kernel

Timeline

PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial: remove redundant tty_port_link_device()") because the tty_port_link_device() is not redundant: the tty->port has to be confured before we call uart_configure_port(), otherwise user-space can open console without TTY linked to the driver. This tty_port_link_device() was added explicitly to avoid this exact issue in commit fb2b90014d78 ("tty: link…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel6.15 — 6.18.8+1

▶CVEListV5linux/linuxbfc467db60b76c30ca1f7f02088a219b6d5b6e8c — 2501c49306238b54a2de0f93de43d50ab6e76c84+2

▶Debianlinux< 6.18.8-1

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2026-23115: In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial:↗2026-02-14

▶

GHSA

GHSA-mwgw-4c23-7465: In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial↗2026-02-14

▶

CVEList

serial: Fix not set tty->port race condition↗2026-02-14

▶

📋Vendor Advisories

Red Hat

kernel: serial: Fix not set tty->port race condition↗2026-02-14

▶

Debian

CVE-2026-23115: linux - In the Linux kernel, the following vulnerability has been resolved: serial: Fix...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23115 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶