CVE-2026-23118

{"id": "CVE-2026-23118", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2026-02-14T15:16:06.933", "references": [{"url": "https://git.kernel.org/stable/c/5d5fe8bcd331f1e34e0943ec7c18432edfcf0e8b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a426f29ac3fa3465093567ab763ada46762fb57c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c08cf314191cd0f8699089715efb9eff030f0086", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f8cf1368e0a5491b27189a695c36f64e48f3d19d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix data-race warning and potential load/store tearing\n\nFix the following:\n\n BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet\n\nwhich is reporting an issue with the reads and writes to ->last_tx_at in:\n\n conn->peer->last_tx_at = ktime_get_seconds();\n\nand:\n\n keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;\n\nThe lockless accesses to these to values aren't actually a problem as the\nread only needs an approximate time of last transmission for the purposes\nof deciding whether or not the transmission of a keepalive packet is\nwarranted yet.\n\nAlso, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit\narch.\n\nFix both of these by switching to an unsigned int for ->last_tx_at and only\nstoring the LSW of the time64_t. It can then be reconstructed at need\nprovided no more than 68 years has elapsed since the last transmission."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nrxrpc: Corregir la advertencia de condici\u00f3n de carrera de datos y el potencial desgarro de carga/almacenamiento\n\nCorregir lo siguiente:\n\n BUG: KCSAN: condici\u00f3n de carrera de datos en rxrpc_peer_keepalive_worker / rxrpc_send_data_packet\n\nque est\u00e1 informando un problema con las lecturas y escrituras a ->last_tx_at en:\n\n conn->peer->last_tx_at = ktime_get_seconds();\n\ny:\n\n keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;\n\nLos accesos sin bloqueo a estos dos valores no son realmente un problema, ya que la lectura solo necesita un tiempo aproximado de la \u00faltima transmisi\u00f3n con el prop\u00f3sito de decidir si la transmisi\u00f3n de un paquete keepalive est\u00e1 justificada o no.\n\nAdem\u00e1s, como ->last_tx_at es un valor de 64 bits, puede ocurrir desgarro en una arquitectura de 32 bits.\n\nCorregir ambos cambiando a un unsigned int para ->last_tx_at y almacenando solo el LSW del time64_t. Luego puede ser reconstruido cuando sea necesario, siempre que no hayan transcurrido m\u00e1s de 68 a\u00f1os desde la \u00faltima transmisi\u00f3n."}], "lastModified": "2026-03-25T11:16:18.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "713E32F5-ABC9-4956-92EE-0E2944AD563A", "versionEndExcluding": "6.12.69", "versionStartIncluding": "4.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}