PT-2026-20424 · Linux+2 · Linux Kernel+2
Syzbot · Published 2026-01-01 · Updated 2026-06-04
CVE-2026-23212
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a data race in the handling of bonded network interfaces. Specifically, the slave->last_rx and slave->target_last_arp_rx variables can be read and written without proper locking mechanisms. This can occur during interrupt handling within the bond_rcv_validate and bond_handle_frame functions. The issue was identified through reports from syzbot, a kernel testing tool, which detected a Kernel Concurrency Sanitizer (KCSAN) data race. The data race occurs when multiple CPUs attempt to access and modify these variables concurrently, potentially leading to unpredictable behavior or system instability. The functions involved are bond_rcv_validate, bond_handle_frame, __netif_receive_skb_core, __netif_receive_skb_one_core, __netif_receive_skb, netif_receive_skb_internal, netif_receive_skb, and br_netif_receive_skb.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu