Home

Description

In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can re read locklessly in mISDN_read() and mISDN_poll(). Add READ_ONCE()/WRITE_ONCE() annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by task 10864 on cpu 1: misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline] mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583 x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff88812d848280 of 4 bytes by task 10857 on cpu 0: mISDN_read+0x1f2/0x470 drivers/isdn/mISDN/timerdev.c:112 do_loop_readv_writev fs/read_write.c:847 [inline] vfs_readv+0x3fb/0x690 fs/read_write.c:1020 do_readv+0xe7/0x210 fs/read_write.c:1080 __do_sys_readv fs/read_write.c:1165 [inline] __se_sys_readv fs/read_write.c:1162 [inline] __x64_sys_readv+0x45/0x50 fs/read_write.c:1162 x64_sys_call+0x2831/0x3000 arch/x86/include/generated/asm/syscalls_64.h:20 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000000 -> 0x00000001

PUBLISHED Reserved 2026-01-13 | Published 2026-02-14 | Updated 2026-02-14 | Assigner Linux

Product status

Default status
unaffected

1b2b03f8e514e4f68e293846ba511a948b80243c (git) before d5d99cb9e0839093cd53aa3b28176fce2f820ca0
affected

1b2b03f8e514e4f68e293846ba511a948b80243c (git) before 13f3b3b87068898056db4c79ee67052fbde11d43
affected

1b2b03f8e514e4f68e293846ba511a948b80243c (git) before accc3f8266d2a49881dbcf78c459477f4efa0ff3
affected

1b2b03f8e514e4f68e293846ba511a948b80243c (git) before fc8ba17fd3337bd8b1913c30b95df0fee00d8fb7
affected

1b2b03f8e514e4f68e293846ba511a948b80243c (git) before aa6e33cd74ca4965f2bbcb025e0b672fb0168a69
affected

1b2b03f8e514e4f68e293846ba511a948b80243c (git) before 7ac345a93af31358e18e9606eb7b354691bf6757
affected

1b2b03f8e514e4f68e293846ba511a948b80243c (git) before 8175dbf174d487afab81e936a862a8d9b8a1ccb6
affected

Default status
affected

2.6.27
affected

Any version before 2.6.27
unaffected

5.10.249 (semver)
unaffected

5.15.199 (semver)
unaffected

6.1.162 (semver)
unaffected

6.6.122 (semver)
unaffected

6.12.68 (semver)
unaffected

6.18.8 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/d5d99cb9e0839093cd53aa3b28176fce2f820ca0

git.kernel.org/...c/13f3b3b87068898056db4c79ee67052fbde11d43

git.kernel.org/...c/accc3f8266d2a49881dbcf78c459477f4efa0ff3

git.kernel.org/...c/fc8ba17fd3337bd8b1913c30b95df0fee00d8fb7

git.kernel.org/...c/aa6e33cd74ca4965f2bbcb025e0b672fb0168a69

git.kernel.org/...c/7ac345a93af31358e18e9606eb7b354691bf6757

git.kernel.org/...c/8175dbf174d487afab81e936a862a8d9b8a1ccb6

cve.org (CVE-2026-23121)

nvd.nist.gov (CVE-2026-23121)

Download JSON