CVE-2026-23071

Unknown Unknown - Not Provided

Race Condition in Linux Kernel regmap hwspinlock IRQ Handling

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine Previously, the address of the shared member '&map->spinlock_flags' was passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race condition where multiple contexts contending for the lock could overwrite the shared flags variable, potentially corrupting the state for the current lock owner. Fix this by using a local stack variable 'flags' to store the IRQ state temporarily.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-04

Last Modified

2026-03-18

Generated

2026-06-16

AI Q&A

2026-02-04

EPSS Evaluated

2026-06-14

NVD

CVE-2026-23071

Affected Vendors & Products

Vendor	Product	Version / Range
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	6.19
linux	linux_kernel	From 5.11 (inc) to 5.15.199 (exc)
linux	linux_kernel	From 5.16 (inc) to 6.1.162 (exc)
linux	linux_kernel	From 6.2 (inc) to 6.6.122 (exc)
linux	linux_kernel	From 6.7 (inc) to 6.12.68 (exc)
linux	linux_kernel	From 6.13 (inc) to 6.18.8 (exc)
linux	linux_kernel	6.19
linux	linux_kernel	From 4.15 (inc) to 5.10.249 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-362	The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Attack-Flow Graph

Executive Summary

This vulnerability is a race condition in the Linux kernel's regmap component, specifically in the hwspinlock irqsave routine.

The issue arises because the address of a shared member variable, '&map->spinlock_flags', was passed directly to the function 'hwspin_lock_timeout_irqsave'.

This caused a race condition where multiple contexts competing for the lock could overwrite the shared flags variable, potentially corrupting the state for the current lock owner.

The fix involved using a local stack variable 'flags' to temporarily store the IRQ state, preventing the race condition.

Impact Analysis

This vulnerability can lead to corruption of the lock state in the Linux kernel when multiple contexts attempt to acquire the same hardware spinlock concurrently.

Such corruption could cause unpredictable behavior in kernel operations that rely on this locking mechanism, potentially leading to system instability or crashes.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-23071. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-23071

Race Condition in Linux Kernel regmap hwspinlock IRQ Handling

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart