CVE-2026-23212

CWE-3678 documents8 sources
Severity
4.7MEDIUM
EPSS
0.0%
top 97.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 18

Description

In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 driver

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel2.6.196.1.162+4
CVEListV5linux/linuxf5b2b966f032f22d3a289045a5afd4afa09f09c6a7516cb0165926d308187e231ccd330e5e3ebff7+5
Debianlinux< 6.1.162-1+2

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2026-23212: In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->targe2026-02-18
CVEList
bonding: annotate data-races around slave->last_rx2026-02-18
GHSA
GHSA-phqg-p332-q7vc: In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->tar2026-02-18

📋Vendor Advisories

3
Red Hat
kernel: bonding: annotate data-races around slave->last_rx2026-02-18
Microsoft
bonding: annotate data-races around slave->last_rx2026-02-10
Debian
CVE-2026-23212: linux - In the Linux kernel, the following vulnerability has been resolved: bonding: an...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23212 Impact, Exploitability, and Mitigation Steps | Wiz