{"id":"CVE-2026-23212","summary":"bonding: annotate data-races around slave-\u003elast_rx","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: annotate data-races around slave-\u003elast_rx\n\nslave-\u003elast_rx and slave-\u003etarget_last_arp_rx[...] can be read and written\nlocklessly. Add READ_ONCE() and WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:\n  bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n  bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n  __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n  __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n  __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n  netif_receive_skb_internal net/core/dev.c:6351 [inline]\n  netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n...\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0:\n  bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n  bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n  __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n  __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n  __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n  netif_receive_skb_internal net/core/dev.c:6351 [inline]\n  netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n  br_netif_receive_skb net/bridge/br_input.c:30 [inline]\n  NF_HOOK include/linux/netfilter.h:318 [inline]\n...\n\nvalue changed: 0x0000000100005365 -\u003e 0x0000000100005366","modified":"2026-05-18T05:57:39.410942814Z","published":"2026-02-18T14:16:28.104Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23212.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23212.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23212"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f5b2b966f032f22d3a289045a5afd4afa09f09c6"},{"fixed":"a7516cb0165926d308187e231ccd330e5e3ebff7"},{"fixed":"8c0be3277e7aefb2f900fc37ca3fe7df362e26f5"},{"fixed":"b956289b83887e0a306067b6003c3fcd81bfdf84"},{"fixed":"bd98324e327e41de04b13e372cc16f73150df254"},{"fixed":"f6c3665b6dc53c3ab7d31b585446a953a74340ef"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23212.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.19"},{"fixed":"6.1.162"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.123"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.69"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23212.json"}}],"schema_version":"1.7.5"}