CVE-2026-23045

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23045
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23045.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23045
Downstream
Published
2026-02-04T16:00:27.874Z
Modified
2026-02-09T19:35:03.506108Z
Summary
net/ena: fix missing lock when update devlink params
Details

In the Linux kernel, the following vulnerability has been resolved:

net/ena: fix missing lock when update devlink params

Fix assert lock warning while calling devlparamdriverinitvalueset() in ena.

WARNING: net/devlink/core.c:261 at devlassertlocked+0x62/0x90, CPU#0: kworker/0:0/9 CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.19.0-rc2+ #1 PREEMPT(lazy) Hardware name: Amazon EC2 m8i-flex.4xlarge/, BIOS 1.0 10/16/2017 Workqueue: events workforcpufn RIP: 0010:devlassert_locked+0x62/0x90

Call Trace: <TASK> devlparamdriverinitvalueset+0x15/0x1c0 enadevlinkalloc+0x18c/0x220 [ena] ? __pfxenadevlink_alloc+0x10/0x10 [ena] ? tracehardirqson+0x18/0x140 ? lockdephardirqson+0x8c/0x130 ? __rawspinunlock_irqrestore+0x5d/0x80 ? __rawspinunlockirqrestore+0x46/0x80 ? devmioremapwc+0x9a/0xd0 enaprobe+0x4d2/0x1b20 [ena] ? __lock_acquire+0x56a/0xbd0 ? __pfxenaprobe+0x10/0x10 [ena] ? local_clock+0x15/0x30 ? __lockrelease.isra.0+0x1c9/0x340 ? markheldlocks+0x40/0x70 ? lockdephardirqsonprepare.part.0+0x92/0x170 ? tracehardirqson+0x18/0x140 ? lockdephardirqson+0x8c/0x130 ? __rawspinunlock_irqrestore+0x5d/0x80 ? __rawspinunlock_irqrestore+0x46/0x80 ? __pfxenaprobe+0x10/0x10 [ena] ...... </TASK>

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23045.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
816b52624cf6a03ea541956b448025d844a8287d
Fixed
f2c4bcfa193eef1b7457a56be9c47a8de015f225
Fixed
8da901ffe497a53fa4ecc3ceed0e6d771586f88e

Affected versions

v6.*
v6.16
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.18
v6.18-rc1
v6.18-rc2
v6.18-rc3
v6.18-rc4
v6.18-rc5
v6.18-rc6
v6.18-rc7
v6.18.1
v6.18.2
v6.18.3
v6.18.4
v6.18.5
v6.19-rc1
v6.19-rc2
v6.19-rc3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23045.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.17.0
Fixed
6.18.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23045.json"