CVE-2026-23103
Unknown Unknown - Not Provided
Race Condition in Linux Kernel ipvlan IPv6 Address Handling

Publication date: 2026-02-04

Last updated on: 2026-04-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. So 1) Introduce per-port addrs_lock. 2) It was needed to fix places where it was forgotten to take lock (ipvlan_open/ipvlan_close) This appears to be a very minor problem though. Since it's highly unlikely that ipvlan_add_addr() will be called on 2 CPU simultaneously. But nevertheless, this could cause: 1) False-negative of ipvlan_addr_busy(): one interface iterated through all port->ipvlans + ipvlan->addrs under some ipvlan spinlock, and another added IP under its own lock. Though this is only possible for IPv6, since looks like only ipvlan_addr6_event() can be called without rtnl_lock. 2) Race since ipvlan_ht_addr_add(port) is called under different ipvlan->addrs_lock locks This should not affect performance, since add/remove IP is a rare situation and spinlock is not taken on fast paths.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-04-03
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23103
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.11 (inc) to 5.15.199 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.122 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.68 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 4.17 (inc) to 5.10.249 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability relates to the Linux kernel's ipvlan network driver. The issue was that the locking mechanism (addrs_lock) was applied per ipvlan device rather than per port. This caused a potential race condition specifically with IPv6 address changes, where address modifications could occur without proper locking under certain conditions.

The fix introduced a per-port addrs_lock to ensure proper synchronization when adding or removing IP addresses. The problem was minor because it is unlikely that ipvlan_add_addr() would be called simultaneously on two CPUs, but the race could cause false negatives in address busy checks or race conditions during address addition.


How can this vulnerability impact me? :

The impact of this vulnerability is very minor. It could potentially cause race conditions or false-negative results when managing IPv6 addresses on ipvlan interfaces, but it is unlikely to occur in typical usage.

Since adding or removing IP addresses is a rare event and the locking is not on fast paths, this vulnerability should not affect system performance or stability significantly.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart