DEBIAN-CVE-2026-23124

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-23124

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-23124.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-23124

Upstream

CVE-2026-23124

Published

2026-02-14T15:16:07.633Z

Modified

2026-03-19T09:55:52.495982Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery() syzbot found that ndiscrouterdiscovery() could read and write in6dev->ramtu without holding a lock [1] This looks fine, IFLAINET6RAMTU is best effort. Add READONCE()/WRITEONCE() to document the race. Note that we might also reject illegal MTU values (mtu < IPV6MINMTU || mtu > skb->dev->mtu) in a future patch. [1] BUG: KCSAN: data-race in ndiscrouterdiscovery / ndiscrouterdiscovery read to 0xffff888119809c20 of 4 bytes by task 25817 on cpu 1: ndiscrouterdiscovery+0x151d/0x1c90 net/ipv6/ndisc.c:1558 ndiscrcv+0x2ad/0x3d0 net/ipv6/ndisc.c:1841 icmpv6rcv+0xe5a/0x12f0 net/ipv6/icmp.c:989 ip6protocoldeliverrcu+0xb2a/0x10d0 net/ipv6/ip6input.c:438 ip6inputfinish+0xf0/0x1d0 net/ipv6/ip6input.c:489 NFHOOK include/linux/netfilter.h:318 [inline] ip6input+0x5e/0x140 net/ipv6/ip6input.c:500 ip6mcinput+0x27c/0x470 net/ipv6/ip6input.c:590 dstinput include/net/dst.h:474 [inline] ip6rcvfinish+0x336/0x340 net/ipv6/ip6input.c:79 ... write to 0xffff888119809c20 of 4 bytes by task 25816 on cpu 0: ndiscrouterdiscovery+0x155a/0x1c90 net/ipv6/ndisc.c:1559 ndiscrcv+0x2ad/0x3d0 net/ipv6/ndisc.c:1841 icmpv6rcv+0xe5a/0x12f0 net/ipv6/icmp.c:989 ip6protocoldeliverrcu+0xb2a/0x10d0 net/ipv6/ip6input.c:438 ip6inputfinish+0xf0/0x1d0 net/ipv6/ip6input.c:489 NFHOOK include/linux/netfilter.h:318 [inline] ip6input+0x5e/0x140 net/ipv6/ip6input.c:500 ip6mcinput+0x27c/0x470 net/ipv6/ip6input.c:590 dstinput include/net/dst.h:474 [inline] ip6rcvfinish+0x336/0x340 net/ipv6/ip6_input.c:79 ... value changed: 0x00000000 -> 0xe5400659

References

https://security-tracker.debian.org/tracker/CVE-2026-23124

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.162-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

6.1.82-1

6.1.85-1

6.1.90-1~bpo11+1

6.1.90-1

6.1.94-1~bpo11+1

6.1.94-1

6.1.98-1

6.1.99-1

6.1.106-1

6.1.106-2

6.1.106-3

6.1.112-1

6.1.115-1

6.1.119-1

6.1.123-1

6.1.124-1

6.1.128-1

6.1.129-1

6.1.133-1

6.1.135-1

6.1.137-1

6.1.139-1

6.1.140-1

6.1.147-1

6.1.148-1

6.1.153-1

6.1.158-1

6.1.159-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-23124.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.69-1

Affected versions

6.*

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

6.12.48-1

6.12.57-1~bpo12+1

6.12.57-1

6.12.63-1~bpo12+1

6.12.63-1

6.12.69-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-23124.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.18.8-1

Affected versions

6.*

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

6.12.48-1

6.12.57-1~bpo12+1

6.12.57-1

6.12.63-1~bpo12+1

6.12.63-1

6.12.69-1~bpo12+1

6.12.69-1

6.12.73-1~bpo12+1

6.12.73-1

6.12.74-1

6.12.74-2~bpo12+1

6.12.74-2

6.13~rc6-1~exp1

6.13~rc7-1~exp1

6.13.2-1~exp1

6.13.3-1~exp1

6.13.4-1~exp1

6.13.5-1~exp1

6.13.6-1~exp1

6.13.7-1~exp1

6.13.8-1~exp1

6.13.9-1~exp1

6.13.10-1~exp1

6.13.11-1~exp1

6.14.3-1~exp1

6.14.5-1~exp1

6.14.6-1~exp1

6.15~rc7-1~exp1

6.15-1~exp1

6.15.1-1~exp1

6.15.2-1~exp1

6.15.3-1~exp1

6.15.4-1~exp1

6.15.5-1~exp1

6.15.6-1~exp1

6.16~rc7-1~exp1

6.16-1~exp1

6.16.1-1~exp1

6.16.3-1~bpo13+1

6.16.3-1

6.16.5-1

6.16.6-1

6.16.7-1

6.16.8-1

6.16.9-1

6.16.10-1

6.16.11-1

6.16.12-1~bpo13+1

6.16.12-1

6.16.12-2

6.17.2-1~exp1

6.17.5-1~exp1

6.17.6-1

6.17.7-1

6.17.7-2

6.17.8-1~bpo13+1

6.17.8-1

6.17.9-1

6.17.10-1

6.17.11-1

6.17.12-1

6.17.13-1~bpo13+1

6.17.13-1

6.18~rc4-1~exp1

6.18~rc4-1~exp2

6.18~rc5-1~exp1

6.18~rc6-1~exp1

6.18~rc7-1~exp1

6.18.1-1~exp1

6.18.2-1~exp1

6.18.3-1

6.18.5-1~bpo13+1

6.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-23124.json"