{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23212","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.986Z","datePublished":"2026-02-18T14:16:28.104Z","dateUpdated":"2026-05-11T22:02:29.466Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:02:29.466Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: annotate data-races around slave->last_rx\n\nslave->last_rx and slave->target_last_arp_rx[...] can be read and written\nlocklessly. Add READ_ONCE() and WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:\n  bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n  bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n  __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n  __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n  __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n  netif_receive_skb_internal net/core/dev.c:6351 [inline]\n  netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n...\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0:\n  bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n  bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n  __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n  __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n  __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n  netif_receive_skb_internal net/core/dev.c:6351 [inline]\n  netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n  br_netif_receive_skb net/bridge/br_input.c:30 [inline]\n  NF_HOOK include/linux/netfilter.h:318 [inline]\n...\n\nvalue changed: 0x0000000100005365 -> 0x0000000100005366"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_main.c","drivers/net/bonding/bond_options.c","include/net/bonding.h"],"versions":[{"version":"f5b2b966f032f22d3a289045a5afd4afa09f09c6","lessThan":"a7516cb0165926d308187e231ccd330e5e3ebff7","status":"affected","versionType":"git"},{"version":"f5b2b966f032f22d3a289045a5afd4afa09f09c6","lessThan":"8c0be3277e7aefb2f900fc37ca3fe7df362e26f5","status":"affected","versionType":"git"},{"version":"f5b2b966f032f22d3a289045a5afd4afa09f09c6","lessThan":"b956289b83887e0a306067b6003c3fcd81bfdf84","status":"affected","versionType":"git"},{"version":"f5b2b966f032f22d3a289045a5afd4afa09f09c6","lessThan":"bd98324e327e41de04b13e372cc16f73150df254","status":"affected","versionType":"git"},{"version":"f5b2b966f032f22d3a289045a5afd4afa09f09c6","lessThan":"f6c3665b6dc53c3ab7d31b585446a953a74340ef","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_main.c","drivers/net/bonding/bond_options.c","include/net/bonding.h"],"versions":[{"version":"2.6.19","status":"affected"},{"version":"0","lessThan":"2.6.19","status":"unaffected","versionType":"semver"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.123","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.69","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.9","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.1.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.6.123"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.12.69"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.18.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7"},{"url":"https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5"},{"url":"https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84"},{"url":"https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254"},{"url":"https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef"}],"title":"bonding: annotate data-races around slave->last_rx","x_generator":{"engine":"bippy-1.2.0"}}}}