CVE-2026-23203

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc6-next-20260122-yocto-standard+

Description The Linux kernel contains a flaw in the cpsw new network driver related to the handling of the ndo set rx mode callback. Specifically, the callback is executed in a work queue, which can lead to issues when the RTNL lock is not held as expected by vlan for each(). This can trigger assertions and potentially cause instability. The issue stems from a previous commit that removed the RTNL lock for certain IPv6 operations, exposing this race condition. The problem occurs when vlan for each() is called within cpsw ndo set rx mode(), expecting the RTNL lock to be held, but it is not always the case.

Recommendations Update to a version newer than 6.19.0-rc6-next-20260122-yocto-standard+ to address this issue.