CVE-2026-23103

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the ipvlan implementation related to address locking. The initial code assumed address changes occurred under RTNL, but this is not the case for IPv6. This could lead to a false negative in ipvlan addr busy() where one interface iterates through addresses while another adds an IP address under its own lock, specifically possible with ipvlan addr6 event(). A race condition could also occur because ipvlan ht addr add(port) is called under different locks. The issue is considered minor as simultaneous calls to ipvlan add addr() are unlikely, and it should not significantly impact performance due to the infrequent nature of IP address addition and removal. The fix introduces a per-port addrs lock and corrects missing lock acquisitions in ipvlan open and ipvlan close.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.