CVE-2026-23101

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the Linux kernel's LED class initialization. Specifically, LEDs were being added to the leds list before the led init core() function was called, leaving a window where led trigger register() could call led set brightness() with an uninitialized work queue. This issue was observed in the lenovo-thinkpad-t14s EC driver when registering LEDs with a default trigger provided by snd ctl led.ko. The race condition could lead to a kernel warning and potential instability. The leds list is a data structure used to manage registered LEDs. The led init core() function initializes core LED functionality. The led trigger register() function registers a trigger for an LED. The led set brightness() function sets the brightness of an LED. The led classdev.set brightness work is a work queue item responsible for handling brightness updates.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.