DEBIAN-CVE-2026-23106
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-23106
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-23106.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-23106
- Upstream
- Published
- 2026-02-04T17:16:21.470Z
- Modified
- 2026-03-20T09:00:10.359923Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __doajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tkcore was not updated. When called on an auxiliary timekeeper, the core timekeeper would be updated incorrectly. This gets caught by the lock debugging diagnostics because the timekeepers sequence lock gets written to without holding its associated spinlock: WARNING: include/linux/seqlock.h:226 at __doadjtimex+0x394/0x3b0, CPU#2: test/125 auxclock_adj (kernel/time/timekeeping.c:2979) __dosysclockadjtime (kernel/time/posix-timers.c:1161 kernel/time/posix-timers.c:1173) dosyscall64 (arch/x86/entry/syscall64.c:63 (discriminator 1) arch/x86/entry/syscall64.c:94 (discriminator 1)) entrySYSCALL64afterhwframe (arch/x86/entry/entry64.S:131) Update the correct auxiliary timekeeper.
- References
Affected packages
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.18.8-1