CVE-2026-23361

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the PCI subsystem, specifically within the dwc endpoint driver. The issue relates to a race condition when handling MSI-X interrupts. Endpoint drivers utilize dw pcie ep raise msix irq() which performs a PCI posted write transaction. This function may return before the write completes, and subsequently unmaps the associated ATU entry. If the write operation races with the unmap, it can lead to corruption of host memory or IOMMU errors. A read operation is needed to ensure the write reaches its destination before the ATU entry is unmapped. The function dw pcie ep raise msix irq() was previously addressed in a related commit, but a similar solution cannot be applied to MSI-X due to the dynamic nature of message addresses.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.