CVE-2026-23118
Unknown Unknown - Not Provided
Data Race and Tearing in Linux Kernel rxrpc Component

Publication date: 2026-02-14

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet which is reporting an issue with the reads and writes to ->last_tx_at in: conn->peer->last_tx_at = ktime_get_seconds(); and: keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME; The lockless accesses to these to values aren't actually a problem as the read only needs an approximate time of last transmission for the purposes of deciding whether or not the transmission of a keepalive packet is warranted yet. Also, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit arch. Fix both of these by switching to an unsigned int for ->last_tx_at and only storing the LSW of the time64_t. It can then be reconstructed at need provided no more than 68 years has elapsed since the last transmission.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23118
EUVD
EUVD-2026-6028
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 4.17 (inc) to 6.12.69 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves a data-race warning and potential load/store tearing in the Linux kernel's rxrpc component. Specifically, there was a data-race issue in the functions rxrpc_peer_keepalive_worker and rxrpc_send_data_packet related to concurrent reads and writes to the last_tx_at field.

The problem arises because last_tx_at is a 64-bit value, and on 32-bit architectures, tearing can occur when accessing it without proper locking. The code was performing lockless accesses to last_tx_at, which was acceptable for approximate timing but caused warnings and potential issues.

The fix involved changing last_tx_at to an unsigned int that stores only the least significant word of the time64_t value. This avoids tearing and data-race warnings while still allowing reconstruction of the full time value when needed, assuming no more than 68 years have passed since the last transmission.

Impact Analysis

The vulnerability could lead to data-race conditions and potential tearing when accessing timing information in the rxrpc protocol within the Linux kernel. While the lockless access was intended to provide approximate timing, the data-race warnings indicate possible inconsistencies in reading or writing the last transmission time.

On 32-bit architectures, this could cause corrupted or inconsistent timing data, which might affect the correct transmission of keepalive packets in the rxrpc protocol. However, the vulnerability does not appear to cause direct security breaches or system crashes but rather timing inaccuracies.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23118. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart