CVE-2026-23374Missing Synchronization in Linux

CWE-820Missing Synchronization8 documents7 sources
Severity
8.4HIGH
No vector
EPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdline() internally uses __this_cpu_read() and __this_cpu_write() on the per-CPU variable trace_cmdline_save, and trace_save_cmdline() explicitly asserts preemption is disabled via lockdep_assert_preemption_disabled(). These operations are only safe when preemption is off, as they were designed to be called from the scheduler context (probe_wakeup_sched

Affected Packages5 packages

Linuxlinux/linux_kernel3.8.06.19.7
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux7ffbd48d5cab22bcd1120eb2349db1319e2d827a59efa088752b1c380a0475974679850cc8aef907+2
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23374: In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdline(2026-03-25
OSV
blktrace: fix __this_cpu_read/write in preemptible context2026-03-25
GHSA
GHSA-w776-5fwp-835q: In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdlin2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: blktrace: fix __this_cpu_read/write in preemptible context2026-03-25
Microsoft
blktrace: fix __this_cpu_read/write in preemptible context2026-03-10
Debian
CVE-2026-23374: linux - In the Linux kernel, the following vulnerability has been resolved: blktrace: f...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23374 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23374 — Missing Synchronization in Linux | cvebase