CVE-2026-23186

{"id": "CVE-2026-23186", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-02-14T17:15:56.373", "references": [{"url": "https://git.kernel.org/stable/c/615901b57b7ef8eb655f71358f7e956e42bcd16b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8860ddf0e07be37169d4ef9f2618e39fca934a66", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (acpi_power_meter) Fix deadlocks related to acpi_power_meter_notify()\n\nThe acpi_power_meter driver's .notify() callback function,\nacpi_power_meter_notify(), calls hwmon_device_unregister() under a lock\nthat is also acquired by callbacks in sysfs attributes of the device\nbeing unregistered which is prone to deadlocks between sysfs access and\ndevice removal.\n\nAddress this by moving the hwmon device removal in\nacpi_power_meter_notify() outside the lock in question, but notice\nthat doing it alone is not sufficient because two concurrent\nMETER_NOTIFY_CONFIG notifications may be attempting to remove the\nsame device at the same time. To prevent that from happening, add a\nnew lock serializing the execution of the switch () statement in\nacpi_power_meter_notify(). For simplicity, it is a static mutex\nwhich should not be a problem from the performance perspective.\n\nThe new lock also allows the hwmon_device_register_with_info()\nin acpi_power_meter_notify() to be called outside the inner lock\nbecause it prevents the other notifications handled by that function\nfrom manipulating the \"resource\" object while the hwmon device based\non it is being registered. The sending of ACPI netlink messages from\nacpi_power_meter_notify() is serialized by the new lock too which\ngenerally helps to ensure that the order of handling firmware\nnotifications is the same as the order of sending netlink messages\nrelated to them.\n\nIn addition, notice that hwmon_device_register_with_info() may fail\nin which case resource->hwmon_dev will become an error pointer,\nso add checks to avoid attempting to unregister the hwmon device\npointer to by it in that case to acpi_power_meter_notify() and\nacpi_power_meter_remove()."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nhwmon: (acpi_power_meter) Soluciona interbloqueos relacionados con acpi_power_meter_notify()\n\nLa funci\u00f3n de callback .notify() del controlador acpi_power_meter, acpi_power_meter_notify(), llama a hwmon_device_unregister() bajo un bloqueo que tambi\u00e9n es adquirido por callbacks en atributos sysfs del dispositivo que se est\u00e1 desregistrando, lo cual es propenso a interbloqueos entre el acceso a sysfs y la eliminaci\u00f3n del dispositivo.\n\nAborda esto moviendo la eliminaci\u00f3n del dispositivo hwmon en acpi_power_meter_notify() fuera del bloqueo en cuesti\u00f3n, pero ten en cuenta que hacerlo solo no es suficiente porque dos notificaciones METER_NOTIFY_CONFIG concurrentes pueden estar intentando eliminar el mismo dispositivo al mismo tiempo. Para evitar que eso suceda, a\u00f1ade un nuevo bloqueo serializando la ejecuci\u00f3n de la sentencia switch () en acpi_power_meter_notify(). Para simplificar, es un mutex est\u00e1tico lo cual no deber\u00eda ser un problema desde la perspectiva del rendimiento.\n\nEl nuevo bloqueo tambi\u00e9n permite que hwmon_device_register_with_info() en acpi_power_meter_notify() sea llamado fuera del bloqueo interno porque evita que las otras notificaciones manejadas por esa funci\u00f3n manipulen el objeto 'resource' mientras el dispositivo hwmon basado en \u00e9l est\u00e1 siendo registrado. El env\u00edo de mensajes netlink ACPI desde acpi_power_meter_notify() tambi\u00e9n es serializado por el nuevo bloqueo, lo cual generalmente ayuda a asegurar que el orden de manejo de las notificaciones de firmware es el mismo que el orden de env\u00edo de los mensajes netlink relacionados con ellas.\n\nAdem\u00e1s, ten en cuenta que hwmon_device_register_with_info() puede fallar, en cuyo caso resource->hwmon_dev se convertir\u00e1 en un puntero de error, as\u00ed que a\u00f1ade comprobaciones para evitar intentar desregistrar el dispositivo hwmon al que apunta en ese caso a acpi_power_meter_notify() y acpi_power_meter_remove()."}], "lastModified": "2026-03-18T15:10:00.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D999201-C599-4A3B-A14D-669CF95A41B9", "versionEndExcluding": "6.18.10", "versionStartIncluding": "6.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}