4.7
CVE-2026-23118
- EPSS 0.09%
- Veröffentlicht 14.02.2026 15:16:06
- Zuletzt bearbeitet 25.03.2026 11:16:18
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
rxrpc: Fix data-race warning and potential load/store tearing
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix data-race warning and potential load/store tearing
Fix the following:
BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet
which is reporting an issue with the reads and writes to ->last_tx_at in:
conn->peer->last_tx_at = ktime_get_seconds();
and:
keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
The lockless accesses to these to values aren't actually a problem as the
read only needs an approximate time of last transmission for the purposes
of deciding whether or not the transmission of a keepalive packet is
warranted yet.
Also, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit
arch.
Fix both of these by switching to an unsigned int for ->last_tx_at and only
storing the LSW of the time64_t. It can then be reconstructed at need
provided no more than 68 years has elapsed since the last transmission.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.17 < 6.12.69
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.8
Linux ≫ Linux Kernel Version6.19 Updaterc1
Linux ≫ Linux Kernel Version6.19 Updaterc2
Linux ≫ Linux Kernel Version6.19 Updaterc3
Linux ≫ Linux Kernel Version6.19 Updaterc4
Linux ≫ Linux Kernel Version6.19 Updaterc5
Linux ≫ Linux Kernel Version6.19 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.004 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://git.kernel.org/stable/c/5d5fe8bcd331f1e34e0943ec7c18432edfcf0e8b
https://git.kernel.org/stable/c/c08cf314191cd0f8699089715efb9eff030f0086
https://git.kernel.org/stable/c/f8cf1368e0a5491b27189a695c36f64e48f3d19d
https://git.kernel.org/stable/c/a426f29ac3fa3465093567ab763ada46762fb57c