CVE-2026-23153

CWE-362Race ConditionCWE-3667 documents7 sources
Severity
4.7MEDIUM
EPSS
0.0%
top 97.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 14

Description

In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is enumerated without acquiring card lock when processing AR response event. This causes a race condition bug when processing AT request completion event concurrently. This commit fixes the bug by put timer start for split transaction expiration into the scope of lock. The value of jiffies in card structure is referred before acquiring the loc

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel6.186.18.9+1
CVEListV5linux/linuxb5725cfa4120a4d234ab112aad151d731531d093b038874e31fc3caa0b0d5abd259dd54b918ad4a1+2
Debianlinux< 6.18.9-1

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
CVEList
firewire: core: fix race condition against transaction list2026-02-14
GHSA
GHSA-7q43-7j7f-g59m: In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transact2026-02-14
OSV
CVE-2026-23153: In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transactio2026-02-14

📋Vendor Advisories

2
Red Hat
kernel: firewire: core: fix race condition against transaction list2026-02-14
Debian
CVE-2026-23153: linux - In the Linux kernel, the following vulnerability has been resolved: firewire: c...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23153 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23153 (MEDIUM CVSS 4.7) | In the Linux kernel | cvebase.io