CVE-2026-23369

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-611.5.1.el9 7

Description The Linux kernel contained an issue where multiple udev threads could collect i801 device information concurrently during boot. This could lead to a kernel panic because the i801 acpi io handler function was accessed after the associated memory area was deregistered. Specifically, the issue stemmed from reverting a previous commit that replaced acpi lock with an I2C bus lock. The root cause was a race condition where the memory area could be unregistered before a check confirmed its registration status, resulting in a NULL pointer dereference when i2c lock bus attempted to access the unregistered area.

Recommendations Update the Linux kernel to version 5.14.0-611.5.1 or later.