{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23071", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.955Z", "datePublished": "2026-02-04T16:07:51.603Z", "dateUpdated": "2026-05-11T21:59:26.280Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:26.280Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix race condition in hwspinlock irqsave routine\n\nPreviously, the address of the shared member '&map->spinlock_flags' was\npassed directly to 'hwspin_lock_timeout_irqsave'. This creates a race\ncondition where multiple contexts contending for the lock could overwrite\nthe shared flags variable, potentially corrupting the state for the\ncurrent lock owner.\n\nFix this by using a local stack variable 'flags' to store the IRQ state\ntemporarily."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regmap.c"], "versions": [{"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08", "lessThan": "e1a7072bc4f958c9e852dc7e57e39f12b0bb44b5", "status": "affected", "versionType": "git"}, {"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08", "lessThan": "766e243ae8c8b27087a4cc605752c0d5ee2daeab", "status": "affected", "versionType": "git"}, {"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08", "lessThan": "f1e2fe26a51eca95b41420af76d22c2e613efd5e", "status": "affected", "versionType": "git"}, {"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08", "lessThan": "24f31be6ad70537fd7706269d99c92cade465a09", "status": "affected", "versionType": "git"}, {"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08", "lessThan": "4aab0ca0a0f7760e33edcb4e47576064d05128f5", "status": "affected", "versionType": "git"}, {"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08", "lessThan": "c2d2cf710dc3ee1a69e00b4ed8de607a92a07889", "status": "affected", "versionType": "git"}, {"version": "8698b9364710e7bac84b3af07dd410e39c8c2e08", "lessThan": "4b58aac989c1e3fafb1c68a733811859df388250", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regmap.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e1a7072bc4f958c9e852dc7e57e39f12b0bb44b5"}, {"url": "https://git.kernel.org/stable/c/766e243ae8c8b27087a4cc605752c0d5ee2daeab"}, {"url": "https://git.kernel.org/stable/c/f1e2fe26a51eca95b41420af76d22c2e613efd5e"}, {"url": "https://git.kernel.org/stable/c/24f31be6ad70537fd7706269d99c92cade465a09"}, {"url": "https://git.kernel.org/stable/c/4aab0ca0a0f7760e33edcb4e47576064d05128f5"}, {"url": "https://git.kernel.org/stable/c/c2d2cf710dc3ee1a69e00b4ed8de607a92a07889"}, {"url": "https://git.kernel.org/stable/c/4b58aac989c1e3fafb1c68a733811859df388250"}], "title": "regmap: Fix race condition in hwspinlock irqsave routine", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "95549B78-E6A6-4A71-98AD-769FF0583875", "versionEndExcluding": "5.10.249", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix race condition in hwspinlock irqsave routine\n\nPreviously, the address of the shared member '&map->spinlock_flags' was\npassed directly to 'hwspin_lock_timeout_irqsave'. This creates a race\ncondition where multiple contexts contending for the lock could overwrite\nthe shared flags variable, potentially corrupting the state for the\ncurrent lock owner.\n\nFix this by using a local stack variable 'flags' to store the IRQ state\ntemporarily."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nregmap: Correcci\u00f3n de condici\u00f3n de carrera en la rutina hwspinlock irqsave\n\nAnteriormente, la direcci\u00f3n del miembro compartido '&map->spinlock_flags' se pasaba directamente a 'hwspin_lock_timeout_irqsave'. Esto crea una condici\u00f3n de carrera donde m\u00faltiples contextos que compiten por el bloqueo podr\u00edan sobrescribir la variable de banderas compartida, potencialmente corrompiendo el estado para el propietario actual del bloqueo.\n\nEsto se soluciona usando una variable local de pila 'flags' para almacenar temporalmente el estado IRQ."}], "id": "CVE-2026-23071", "lastModified": "2026-03-18T17:29:14.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:17.817", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/24f31be6ad70537fd7706269d99c92cade465a09"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4aab0ca0a0f7760e33edcb4e47576064d05128f5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b58aac989c1e3fafb1c68a733811859df388250"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/766e243ae8c8b27087a4cc605752c0d5ee2daeab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c2d2cf710dc3ee1a69e00b4ed8de607a92a07889"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1a7072bc4f958c9e852dc7e57e39f12b0bb44b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f1e2fe26a51eca95b41420af76d22c2e613efd5e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: regmap: Fix race condition in hwspinlock irqsave routine", "id": "2436822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436822"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23071", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23071\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23071\nhttps://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23071-675b@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-17T23:39:46.611543+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched release that contains the regmap hwspinlock race condition fix.", "If an upgrade cannot be performed immediately, design the application to prevent simultaneous access to the same regmap instance by multiple threads or interrupt contexts, or limit regmap usage to a single privileged context.", "Continuously monitor system logs for signs of abnormal lock behavior or data corruption and apply the kernel update as soon as it becomes available."], "summary": {"action": "Apply Patch", "impact": "Race condition leading to state corruption in the Linux kernel regmap subsystem"}, "threat_synthesis": {"affected_systems": "The affected product is the Linux kernel, including all versions prior to the fix. The CPE list identifies at least kernel 6.19 release candidates (rc1 through rc6) as impacted, and the notation suggests all earlier stable kernel releases are likewise vulnerable.", "description_and_impact": "The vulnerability is a race condition in the regmap subsystem's hwspinlock irqsave routine. When the address of &map->spinlock_flags is directly passed to hwspin_lock_timeout_irqsave, multiple contexts can overwrite the shared flags variable, corrupting the state of the current lock owner. This can result in incorrect behavior or data corruption and is categorized as a race condition (CWE\u2011362).", "risk_and_exploitability": "The CVSS score of 4.7 indicates moderate severity, and the EPSS score of less than 1% denotes a very low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation would likely require concurrent execution contexts\u2014such as multiple threads or interrupt handlers\u2014that contend for the same regmap instance, making a local or privileged kernel context the most probable attack vector."}}}}, "created": "2026-04-17T23:45:25.812768+00:00", "updated": "2026-04-17T23:45:25.812785+00:00", "vendors": []}