CVE-2026-23348Missing Synchronization in Linux

CWE-820Missing Synchronization8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimm_bus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The cxl_translate module has dependency on cxl_acpi and causes orphaned nvdimm objects to reprobe after cxl_acpi is removed. The nvdimm_bus object is registered by the cxl_nvb object when cxl_acpi_probe() is calle

Affected Packages5 packages

Linuxlinux/linux_kernel5.14.06.18.17+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux8fdcb1704f61a8fd9be0f3849a174d084def06665fc4e150c5ada5f7d20d8f9f1b351f10481fbdf7+3
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23348: In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimm_bus object when creating nvdimm objects Found issue during2026-03-25
OSV
cxl: Fix race of nvdimm_bus object when creating nvdimm objects2026-03-25
GHSA
GHSA-j48g-pw4c-x8jm: In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimm_bus object when creating nvdimm objects Found issue duri2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: cxl: Fix race of nvdimm_bus object when creating nvdimm objects2026-03-25
Microsoft
cxl: Fix race of nvdimm_bus object when creating nvdimm objects2026-03-10
Debian
CVE-2026-23348: linux - In the Linux kernel, the following vulnerability has been resolved: cxl: Fix ra...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23348 Impact, Exploitability, and Mitigation Steps | Wiz