Skip to content

Commit 99426e3

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2wj2-8hhp-h6hm GHSA-3w5h-8286-m3qw GHSA-44pj-mggw-c3m7 GHSA-528j-v6ch-qq32 GHSA-5ggv-7qrf-gvxf GHSA-5pm5-3fx7-4f4r GHSA-6mvr-5ch7-jjjq GHSA-6pp9-r78q-5hwx GHSA-7jxv-w4j5-p37v GHSA-8jcj-2cc9-ghpj GHSA-ccr5-8c2w-j2f4 GHSA-crj3-7xqp-x3m2 GHSA-fxmr-wvvq-356h GHSA-g579-pq4g-x964 GHSA-h3v4-524h-5jpx GHSA-j2h6-x5fv-586q GHSA-mwgw-4c23-7465 GHSA-p8gw-hvf3-xmc4 GHSA-rp48-fq7w-35g6 GHSA-x5p5-6q7q-gj33
1 parent b7ec4ee commit 99426e3

20 files changed

Lines changed: 840 additions & 0 deletions

File tree

advisories/unreviewed/2026/02/GHSA-2wj2-8hhp-h6hm/GHSA-2wj2-8hhp-h6hm.json

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2wj2-8hhp-h6hm",
4+
"modified": "2026-02-14T15:32:19Z",
5+
"published": "2026-02-14T15:32:19Z",
6+
"aliases": [
7+
"CVE-2026-23126"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: fix a race issue related to the operation on bpf_bound_progs list\n\nThe netdevsim driver lacks a protection mechanism for operations on the\nbpf_bound_progs list. When the nsim_bpf_create_prog() performs\nlist_add_tail, it is possible that nsim_bpf_destroy_prog() is\nsimultaneously performs list_del. Concurrent operations on the list may\nlead to list corruption and trigger a kernel crash as follows:\n\n[ 417.290971] kernel BUG at lib/list_debug.c:62!\n[ 417.290983] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 417.290992] CPU: 10 PID: 168 Comm: kworker/10:1 Kdump: loaded Not tainted 6.19.0-rc5 #1\n[ 417.291003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 417.291007] Workqueue: events bpf_prog_free_deferred\n[ 417.291021] RIP: 0010:__list_del_entry_valid_or_report+0xa7/0xc0\n[ 417.291034] Code: a8 ff 0f 0b 48 89 fe 48 89 ca 48 c7 c7 48 a1 eb ae e8 ed fb a8 ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 80 a1 eb ae e8 d9 fb a8 ff <0f> 0b 48 89 d1 48 c7 c7 d0 a1 eb ae 48 89 f2 48 89 c6 e8 c2 fb a8\n[ 417.291040] RSP: 0018:ffffb16a40807df8 EFLAGS: 00010246\n[ 417.291046] RAX: 000000000000006d RBX: ffff8e589866f500 RCX: 0000000000000000\n[ 417.291051] RDX: 0000000000000000 RSI: ffff8e59f7b23180 RDI: ffff8e59f7b23180\n[ 417.291055] RBP: ffffb16a412c9000 R08: 0000000000000000 R09: 0000000000000003\n[ 417.291059] R10: ffffb16a40807c80 R11: ffffffffaf9edce8 R12: ffff8e594427ac20\n[ 417.291063] R13: ffff8e59f7b44780 R14: ffff8e58800b7a05 R15: 0000000000000000\n[ 417.291074] FS: 0000000000000000(0000) GS:ffff8e59f7b00000(0000) knlGS:0000000000000000\n[ 417.291079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 417.291083] CR2: 00007fc4083efe08 CR3: 00000001c3626006 CR4: 0000000000770ee0\n[ 417.291088] PKRU: 55555554\n[ 417.291091] Call Trace:\n[ 417.291096] <TASK>\n[ 417.291103] nsim_bpf_destroy_prog+0x31/0x80 [netdevsim]\n[ 417.291154] __bpf_prog_offload_destroy+0x2a/0x80\n[ 417.291163] bpf_prog_dev_bound_destroy+0x6f/0xb0\n[ 417.291171] bpf_prog_free_deferred+0x18e/0x1a0\n[ 417.291178] process_one_work+0x18a/0x3a0\n[ 417.291188] worker_thread+0x27b/0x3a0\n[ 417.291197] ? __pfx_worker_thread+0x10/0x10\n[ 417.291207] kthread+0xe5/0x120\n[ 417.291214] ? __pfx_kthread+0x10/0x10\n[ 417.291221] ret_from_fork+0x31/0x50\n[ 417.291230] ? __pfx_kthread+0x10/0x10\n[ 417.291236] ret_from_fork_asm+0x1a/0x30\n[ 417.291246] </TASK>\n\nAdd a mutex lock, to prevent simultaneous addition and deletion operations\non the list.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23126"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/3f560cfc7706029294132482fff5d1bc7884b70d"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://git.kernel.org/stable/c/68462ecc40ea8f780fb3c74ebfddd05506bb731b"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://git.kernel.org/stable/c/b97d5eedf4976cc94321243be83b39efe81a0e15"
28+
},
29+
{
30+
"type": "WEB",
31+
"url": "https://git.kernel.org/stable/c/d77379ca82efcb2fe563359cc795027d680410db"
32+
},
33+
{
34+
"type": "WEB",
35+
"url": "https://git.kernel.org/stable/c/f1f9cfd2f46a73b7de2982d01be822eac3a0efaa"
36+
}
37+
],
38+
"database_specific": {
39+
"cwe_ids": [],
40+
"severity": null,
41+
"github_reviewed": false,
42+
"github_reviewed_at": null,
43+
"nvd_published_at": "2026-02-14T15:16:07Z"
44+
}
45+
}

advisories/unreviewed/2026/02/GHSA-3w5h-8286-m3qw/GHSA-3w5h-8286-m3qw.json

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3w5h-8286-m3qw",
4+
"modified": "2026-02-14T15:32:18Z",
5+
"published": "2026-02-14T15:32:18Z",
6+
"aliases": [
7+
"CVE-2026-23120"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: avoid one data-race in l2tp_tunnel_del_work()\n\nWe should read sk->sk_socket only when dealing with kernel sockets.\n\nsyzbot reported the following data-race:\n\nBUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release\n\nwrite to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0:\n sk_set_socket include/net/sock.h:2092 [inline]\n sock_orphan include/net/sock.h:2118 [inline]\n sk_common_release+0xae/0x230 net/core/sock.c:4003\n udp_lib_close+0x15/0x20 include/net/udp.h:325\n inet_release+0xce/0xf0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:662 [inline]\n sock_close+0x6b/0x150 net/socket.c:1455\n __fput+0x29b/0x650 fs/file_table.c:468\n ____fput+0x1c/0x30 fs/file_table.c:496\n task_work_run+0x131/0x1a0 kernel/task_work.c:233\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]\n exit_to_user_mode_loop+0x1fe/0x740 kernel/entry/common.c:75\n __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n do_syscall_64+0x1e1/0x2b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88811c182b20 of 8 bytes by task 827 on cpu 1:\n l2tp_tunnel_del_work+0x2f/0x1a0 net/l2tp/l2tp_core.c:1418\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340\n worker_thread+0x582/0x770 kernel/workqueue.c:3421\n kthread+0x489/0x510 kernel/kthread.c:463\n ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nvalue changed: 0xffff88811b818000 -> 0x0000000000000000",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23120"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/1f63ca44b4f419a1663d94d1bb0b4e2beb73fdb4"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://git.kernel.org/stable/c/32d417497b79efb403d75f4c185fe6fd9d64b94f"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://git.kernel.org/stable/c/36c40a80109f1771d59558050b1a71e13c60c759"
28+
},
29+
{
30+
"type": "WEB",
31+
"url": "https://git.kernel.org/stable/c/3d6d414b214ce31659bded2f8df50c93a3769474"
32+
},
33+
{
34+
"type": "WEB",
35+
"url": "https://git.kernel.org/stable/c/68e92085427c84e7679ddb53c0d68836d220b6e7"
36+
},
37+
{
38+
"type": "WEB",
39+
"url": "https://git.kernel.org/stable/c/7a29f6bf60f2590fe5e9c4decb451e19afad2bcf"
40+
},
41+
{
42+
"type": "WEB",
43+
"url": "https://git.kernel.org/stable/c/eae074dab764ea181bbed5e88626889319177498"
44+
}
45+
],
46+
"database_specific": {
47+
"cwe_ids": [],
48+
"severity": null,
49+
"github_reviewed": false,
50+
"github_reviewed_at": null,
51+
"nvd_published_at": "2026-02-14T15:16:07Z"
52+
}
53+
}

advisories/unreviewed/2026/02/GHSA-44pj-mggw-c3m7/GHSA-44pj-mggw-c3m7.json

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-44pj-mggw-c3m7",
4+
"modified": "2026-02-14T15:32:18Z",
5+
"published": "2026-02-14T15:32:18Z",
6+
"aliases": [
7+
"CVE-2026-23116"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu\n\nFor i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset\nand clock enable bits, but is ungated and reset together with the VPUs.\nSo we can't reset G1 or G2 separately, it may led to the system hang.\nRemove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data.\nLet imx8mq_vpu_power_notifier() do really vpu reset.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23116"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/3de49966499634454fd59e0e6fecd50baab7febd"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://git.kernel.org/stable/c/5c56a6f4b5a4f87c094c92a30fa17e28e37ec2ab"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://git.kernel.org/stable/c/8859e336d233e61a4c40d40dc6a9f21e8b9b719c"
28+
},
29+
{
30+
"type": "WEB",
31+
"url": "https://git.kernel.org/stable/c/cad7003d951e8899db58ee2fef211586af726f09"
32+
},
33+
{
34+
"type": "WEB",
35+
"url": "https://git.kernel.org/stable/c/fd675de6bddf7e9bdf42ae3929d4c27ba6d1ef76"
36+
}
37+
],
38+
"database_specific": {
39+
"cwe_ids": [],
40+
"severity": null,
41+
"github_reviewed": false,
42+
"github_reviewed_at": null,
43+
"nvd_published_at": "2026-02-14T15:16:06Z"
44+
}
45+
}

advisories/unreviewed/2026/02/GHSA-528j-v6ch-qq32/GHSA-528j-v6ch-qq32.json

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-528j-v6ch-qq32",
4+
"modified": "2026-02-14T15:32:19Z",
5+
"published": "2026-02-14T15:32:19Z",
6+
"aliases": [
7+
"CVE-2026-23124"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: annotate data-race in ndisc_router_discovery()\n\nsyzbot found that ndisc_router_discovery() could read and write\nin6_dev->ra_mtu without holding a lock [1]\n\nThis looks fine, IFLA_INET6_RA_MTU is best effort.\n\nAdd READ_ONCE()/WRITE_ONCE() to document the race.\n\nNote that we might also reject illegal MTU values\n(mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) in a future patch.\n\n[1]\nBUG: KCSAN: data-race in ndisc_router_discovery / ndisc_router_discovery\n\nread to 0xffff888119809c20 of 4 bytes by task 25817 on cpu 1:\n ndisc_router_discovery+0x151d/0x1c90 net/ipv6/ndisc.c:1558\n ndisc_rcv+0x2ad/0x3d0 net/ipv6/ndisc.c:1841\n icmpv6_rcv+0xe5a/0x12f0 net/ipv6/icmp.c:989\n ip6_protocol_deliver_rcu+0xb2a/0x10d0 net/ipv6/ip6_input.c:438\n ip6_input_finish+0xf0/0x1d0 net/ipv6/ip6_input.c:489\n NF_HOOK include/linux/netfilter.h:318 [inline]\n ip6_input+0x5e/0x140 net/ipv6/ip6_input.c:500\n ip6_mc_input+0x27c/0x470 net/ipv6/ip6_input.c:590\n dst_input include/net/dst.h:474 [inline]\n ip6_rcv_finish+0x336/0x340 net/ipv6/ip6_input.c:79\n...\n\nwrite to 0xffff888119809c20 of 4 bytes by task 25816 on cpu 0:\n ndisc_router_discovery+0x155a/0x1c90 net/ipv6/ndisc.c:1559\n ndisc_rcv+0x2ad/0x3d0 net/ipv6/ndisc.c:1841\n icmpv6_rcv+0xe5a/0x12f0 net/ipv6/icmp.c:989\n ip6_protocol_deliver_rcu+0xb2a/0x10d0 net/ipv6/ip6_input.c:438\n ip6_input_finish+0xf0/0x1d0 net/ipv6/ip6_input.c:489\n NF_HOOK include/linux/netfilter.h:318 [inline]\n ip6_input+0x5e/0x140 net/ipv6/ip6_input.c:500\n ip6_mc_input+0x27c/0x470 net/ipv6/ip6_input.c:590\n dst_input include/net/dst.h:474 [inline]\n ip6_rcv_finish+0x336/0x340 net/ipv6/ip6_input.c:79\n...\n\nvalue changed: 0x00000000 -> 0xe5400659",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23124"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/2619499169fb1c2ac4974b0f2d87767fb543582b"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://git.kernel.org/stable/c/2a2b9d25f801afecf2f83cacce98afa8fd73e3c9"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://git.kernel.org/stable/c/4630897eb1a039b5d7b737b8dc9521d9d4b568b5"
28+
},
29+
{
30+
"type": "WEB",
31+
"url": "https://git.kernel.org/stable/c/9a063f96d87efc3a6cc667f8de096a3d38d74bb5"
32+
},
33+
{
34+
"type": "WEB",
35+
"url": "https://git.kernel.org/stable/c/e3c1040252e598f7b4e33a42dc7c38519bc22428"
36+
},
37+
{
38+
"type": "WEB",
39+
"url": "https://git.kernel.org/stable/c/fad8f4ff7928f4d52a062ffdcffa484989c79c47"
40+
}
41+
],
42+
"database_specific": {
43+
"cwe_ids": [],
44+
"severity": null,
45+
"github_reviewed": false,
46+
"github_reviewed_at": null,
47+
"nvd_published_at": "2026-02-14T15:16:07Z"
48+
}
49+
}

advisories/unreviewed/2026/02/GHSA-5ggv-7qrf-gvxf/GHSA-5ggv-7qrf-gvxf.json

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5ggv-7qrf-gvxf",
4+
"modified": "2026-02-14T15:32:18Z",
5+
"published": "2026-02-14T15:32:18Z",
6+
"aliases": [
7+
"CVE-2025-71200"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode\n\nWhen operating in HS200 or HS400 timing modes, reducing the clock frequency\nbelow 52MHz will lead to link broken as the Rockchip DWC MSHC controller\nrequires maintaining a minimum clock of 52MHz in these modes.\n\nAdd a check to prevent illegal clock reduction through debugfs:\n\nroot@debian:/# echo 50000000 > /sys/kernel/debug/mmc0/clock\nroot@debian:/# [ 30.090146] mmc0: running CQE recovery\nmmc0: cqhci: Failed to halt\nmmc0: cqhci: spurious TCN for tag 0\nWARNING: drivers/mmc/host/cqhci-core.c:797 at cqhci_irq+0x254/0x818, CPU#1: kworker/1:0H/24\nModules linked in:\nCPU: 1 UID: 0 PID: 24 Comm: kworker/1:0H Not tainted 6.19.0-rc1-00001-g09db0998649d-dirty #204 PREEMPT\nHardware name: Rockchip RK3588 EVB1 V10 Board (DT)\nWorkqueue: kblockd blk_mq_run_work_fn\npstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : cqhci_irq+0x254/0x818\nlr : cqhci_irq+0x254/0x818\n...",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71200"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/3009738a855cf938bbfc9078bec725031ae623a4"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://git.kernel.org/stable/c/36be050f21dea7a3a76dff5a031da6274e8ee468"
24+
},
25+
{
26+
"type": "WEB",
27+
"url": "https://git.kernel.org/stable/c/59b8a1ca6df4db2ca250e9eeab74e2b0068d69e9"
28+
},
29+
{
30+
"type": "WEB",
31+
"url": "https://git.kernel.org/stable/c/de0ad7156036a50982bcb75a080e4af284502be2"
32+
},
33+
{
34+
"type": "WEB",
35+
"url": "https://git.kernel.org/stable/c/f2677d6e2bbc5ba2030825522d2afd0542b038a3"
36+
}
37+
],
38+
"database_specific": {
39+
"cwe_ids": [],
40+
"severity": null,
41+
"github_reviewed": false,
42+
"github_reviewed_at": null,
43+
"nvd_published_at": "2026-02-14T15:16:05Z"
44+
}
45+
}

advisories/unreviewed/2026/02/GHSA-5pm5-3fx7-4f4r/GHSA-5pm5-3fx7-4f4r.json

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5pm5-3fx7-4f4r",
4+
"modified": "2026-02-14T15:32:19Z",
5+
"published": "2026-02-14T15:32:19Z",
6+
"aliases": [
7+
"CVE-2026-23127"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix refcount warning on event->mmap_count increment\n\nWhen calling refcount_inc(&event->mmap_count) inside perf_mmap_rb(), the\nfollowing warning is triggered:\n\n refcount_t: addition on 0; use-after-free.\n WARNING: lib/refcount.c:25\n\nPoC:\n\n struct perf_event_attr attr = {0};\n int fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0);\n mmap(NULL, 0x3000, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);\n int victim = syscall(__NR_perf_event_open, &attr, 0, -1, fd,\n PERF_FLAG_FD_OUTPUT);\n mmap(NULL, 0x3000, PROT_READ | PROT_WRITE, MAP_SHARED, victim, 0);\n\nThis occurs when creating a group member event with the flag\nPERF_FLAG_FD_OUTPUT. The group leader should be mmap-ed and then mmap-ing\nthe event triggers the warning.\n\nSince the event has copied the output_event in perf_event_set_output(),\nevent->rb is set. As a result, perf_mmap_rb() calls\nrefcount_inc(&event->mmap_count) when event->mmap_count = 0.\n\nDisallow the case when event->mmap_count = 0. This also prevents two\nevents from updating the same user_page.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23127"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/23c0e4bd93d0b250775162faf456470485ac9fc7"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://git.kernel.org/stable/c/d06bf78e55d5159c1b00072e606ab924ffbbad35"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2026-02-14T15:16:07Z"
32+
}
33+
}

advisories/unreviewed/2026/02/GHSA-6mvr-5ch7-jjjq/GHSA-6mvr-5ch7-jjjq.json

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6mvr-5ch7-jjjq",
4+
"modified": "2026-02-14T15:32:19Z",
5+
"published": "2026-02-14T15:32:19Z",
6+
"aliases": [
7+
"CVE-2026-23130"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix dead lock while flushing management frames\n\nCommit [1] converted the management transmission work item into a\nwiphy work. Since a wiphy work can only run under wiphy lock\nprotection, a race condition happens in below scenario:\n\n1. a management frame is queued for transmission.\n2. ath12k_mac_op_flush() gets called to flush pending frames associated\n with the hardware (i.e, vif being NULL). Then in ath12k_mac_flush()\n the process waits for the transmission done.\n3. Since wiphy lock has been taken by the flush process, the transmission\n work item has no chance to run, hence the dead lock.\n\n>From user view, this dead lock results in below issue:\n\n wlp8s0: authenticate with xxxxxx (local address=xxxxxx)\n wlp8s0: send auth to xxxxxx (try 1/3)\n wlp8s0: authenticate with xxxxxx (local address=xxxxxx)\n wlp8s0: send auth to xxxxxx (try 1/3)\n wlp8s0: authenticated\n wlp8s0: associate with xxxxxx (try 1/3)\n wlp8s0: aborting association with xxxxxx by local choice (Reason: 3=DEAUTH_LEAVING)\n ath12k_pci 0000:08:00.0: failed to flush mgmt transmit queue, mgmt pkts pending 1\n\nThe dead lock can be avoided by invoking wiphy_work_flush() to proactively\nrun the queued work item. Note actually it is already present in\nath12k_mac_op_flush(), however it does not protect the case where vif\nbeing NULL. Hence move it ahead to cover this case as well.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00302-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.115823.3",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23130"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/06ac2aa13f701a0296e92f5f54ae24224d426b28"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://git.kernel.org/stable/c/f88e9fc30a261d63946ddc6cc6a33405e6aa27c3"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [],
28+
"severity": null,
29+
"github_reviewed": false,
30+
"github_reviewed_at": null,
31+
"nvd_published_at": "2026-02-14T15:16:08Z"
32+
}
33+
}

0 commit comments

Comments
 (0)