CVE-2026-23369: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 93.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk i801_acpi_io_handler somewhat concurrently. The first will note the area is reserved by acpi to prevent further touches. This ultimately causes the area to be deregistered. The second will enter i801_acpi_i

Affected Packages (4 packages)

Linux  linux/linux_kernel  6.7.0  6.12.77  +2
Debian  linux/linux_kernel  < 6.19.8-1
CVEListV5  linux/linux  f707d6b9e7c18f669adfdb443906d46cfbaaa0c1  9507f9953a2a5647eb42668d0c243fdbd7e72954  +4
debian  debian/linux  < linux 6.19.8-1 (forky)

🔴 Vulnerability Details (3)

GHSA: GHSA-vhcx-whwc-3wx5: In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts (2026-03-25)
OSV: CVE-2026-23369: In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts co (2026-03-25)
OSV: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (2026-03-25)

📋 Vendor Advisories (2)

Red Hat: kernel: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (2026-03-25)
Debian: CVE-2026-23369: linux - In the Linux kernel, the following vulnerability has been resolved: i2c: i801: ... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23369 Impact, Exploitability, and Mitigation Steps | Wiz