CVE-2026-23357

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s mcp251x open() function related to a potential deadlock situation. Specifically, the function calls free irq() while holding the mpc lock mutex. If an interrupt occurs during this process, the interrupt handler may wait for the mpc lock, leading to a deadlock. This issue is similar to a previously resolved deadlock but occurs in the error path of the function. The resolution involves moving the free irq() call after releasing the lock and setting priv->force quit = 1 to ensure the interrupt handler exits promptly upon acquiring the lock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

CVE-2026-23357

ECHO-4628-5A89-95B3

OPENSUSE-SU-2026:20826-1

SUSE-SU-2026:21841-1

SUSE-SU-2026:21845-1

SUSE-SU-2026:21860-1

SUSE-SU-2026:21876-1

SUSE-SU-2026:21877-1

SUSE-SU-2026:21916-1

SUSE-SU-2026:21919-1

SUSE-SU-2026:2217-1

SUSE-SU-2026:2238-1

Affected Products

Linux Kernel

CVE-2026-23357

Weakness Enumeration

Related Identifiers

Affected Products

References · 24