AZL-77691

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77691.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-77691

Upstream

CVE-2026-23118

Published

2026-02-14T15:16:06Z

Modified

2026-04-21T04:34:19.418358Z

Summary

CVE-2026-23118 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix data-race warning and potential load/store tearing

Fix the following:

    BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet

which is reporting an issue with the reads and writes to ->lasttxat in:

    conn->peer->last_tx_at = ktime_get_seconds();

and:

    keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;

The lockless accesses to these to values aren't actually a problem as the read only needs an approximate time of last transmission for the purposes of deciding whether or not the transmission of a keepalive packet is warranted yet.

Also, as ->lasttxat is a 64-bit value, tearing can occur on a 32-bit arch.

Fix both of these by switching to an unsigned int for ->lasttxat and only storing the LSW of the time64_t. It can then be reconstructed at need provided no more than 68 years has elapsed since the last transmission.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-23118

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77691.json"