CVE-2026-23212

In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written locklessly. Add READ_ONCE() and WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 ... write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 br_netif_receive_skb net/bridge/br_input.c:30 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] ... value changed: 0x0000000100005365 -> 0x0000000100005366

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5	Patch
https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7	Patch
https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84	Patch
https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254	Patch
https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::

History

18 Mar 2026, 20:37

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: bonding: anotar condiciones de carrera de datos alrededor de slave->last_rx slave->last_rx y slave->target_last_arp_rx[...] pueden ser leídos y escritos sin bloqueo. Añadir anotaciones READ_ONCE() y WRITE_ONCE(). syzbot informó: ERROR: KCSAN: condición de carrera de datos en bond_rcv_validate / bond_rcv_validate escritura en 0xffff888149f0d428 de 8 bytes por interrupción en la CPU 1: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 ... escritura en 0xffff888149f0d428 de 8 bytes por interrupción en la CPU 0: bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335 bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039 __netif_receive_skb_one_core net/core/dev.c:6150 [inline] __netif_receive_skb+0x59/0x270 net/core/dev.c:6265 netif_receive_skb_internal net/core/dev.c:6351 [inline] netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410 br_netif_receive_skb net/bridge/br_input.c:30 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] ... valor cambiado: 0x0000000100005365 -> 0x0000000100005366
CWE		CWE-367
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5 -~~	() https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5 - Patch
References	~~() https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7 -~~	() https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7 - Patch
References	~~() https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84 -~~	() https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84 - Patch
References	~~() https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254 -~~	() https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254 - Patch
References	~~() https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef -~~	() https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef - Patch

18 Feb 2026, 15:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 15:18

Updated : 2026-03-18 20:37

NVD link : CVE-2026-23212

Mitre link : CVE-2026-23212

CVE.ORG link : CVE-2026-23212

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

4.7 /10