{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23121", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.970Z", "datePublished": "2026-02-14T15:09:51.912Z", "dateUpdated": "2026-05-11T22:00:32.188Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:00:32.188Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: annotate data-race around dev->work\n\ndev->work can re read locklessly in mISDN_read()\nand mISDN_poll(). Add READ_ONCE()/WRITE_ONCE() annotations.\n\nBUG: KCSAN: data-race in mISDN_ioctl / mISDN_read\n\nwrite to 0xffff88812d848280 of 4 bytes by task 10864 on cpu 1:\n misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline]\n mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583\n __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583\n x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88812d848280 of 4 bytes by task 10857 on cpu 0:\n mISDN_read+0x1f2/0x470 drivers/isdn/mISDN/timerdev.c:112\n do_loop_readv_writev fs/read_write.c:847 [inline]\n vfs_readv+0x3fb/0x690 fs/read_write.c:1020\n do_readv+0xe7/0x210 fs/read_write.c:1080\n __do_sys_readv fs/read_write.c:1165 [inline]\n __se_sys_readv fs/read_write.c:1162 [inline]\n __x64_sys_readv+0x45/0x50 fs/read_write.c:1162\n x64_sys_call+0x2831/0x3000 arch/x86/include/generated/asm/syscalls_64.h:20\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalue changed: 0x00000000 -> 0x00000001"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/isdn/mISDN/timerdev.c"], "versions": [{"version": "1b2b03f8e514e4f68e293846ba511a948b80243c", "lessThan": "d5d99cb9e0839093cd53aa3b28176fce2f820ca0", "status": "affected", "versionType": "git"}, {"version": "1b2b03f8e514e4f68e293846ba511a948b80243c", "lessThan": "13f3b3b87068898056db4c79ee67052fbde11d43", "status": "affected", "versionType": "git"}, {"version": "1b2b03f8e514e4f68e293846ba511a948b80243c", "lessThan": "accc3f8266d2a49881dbcf78c459477f4efa0ff3", "status": "affected", "versionType": "git"}, {"version": "1b2b03f8e514e4f68e293846ba511a948b80243c", "lessThan": "fc8ba17fd3337bd8b1913c30b95df0fee00d8fb7", "status": "affected", "versionType": "git"}, {"version": "1b2b03f8e514e4f68e293846ba511a948b80243c", "lessThan": "aa6e33cd74ca4965f2bbcb025e0b672fb0168a69", "status": "affected", "versionType": "git"}, {"version": "1b2b03f8e514e4f68e293846ba511a948b80243c", "lessThan": "7ac345a93af31358e18e9606eb7b354691bf6757", "status": "affected", "versionType": "git"}, {"version": "1b2b03f8e514e4f68e293846ba511a948b80243c", "lessThan": "8175dbf174d487afab81e936a862a8d9b8a1ccb6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/isdn/mISDN/timerdev.c"], "versions": [{"version": "2.6.27", "status": "affected"}, {"version": "0", "lessThan": "2.6.27", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d5d99cb9e0839093cd53aa3b28176fce2f820ca0"}, {"url": "https://git.kernel.org/stable/c/13f3b3b87068898056db4c79ee67052fbde11d43"}, {"url": "https://git.kernel.org/stable/c/accc3f8266d2a49881dbcf78c459477f4efa0ff3"}, {"url": "https://git.kernel.org/stable/c/fc8ba17fd3337bd8b1913c30b95df0fee00d8fb7"}, {"url": "https://git.kernel.org/stable/c/aa6e33cd74ca4965f2bbcb025e0b672fb0168a69"}, {"url": "https://git.kernel.org/stable/c/7ac345a93af31358e18e9606eb7b354691bf6757"}, {"url": "https://git.kernel.org/stable/c/8175dbf174d487afab81e936a862a8d9b8a1ccb6"}], "title": "mISDN: annotate data-race around dev->work", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E8EF460-108F-4F75-A76F-D36A1C2AA384", "versionEndExcluding": "5.10.249", "versionStartIncluding": "2.6.27", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: annotate data-race around dev->work\n\ndev->work can re read locklessly in mISDN_read()\nand mISDN_poll(). Add READ_ONCE()/WRITE_ONCE() annotations.\n\nBUG: KCSAN: data-race in mISDN_ioctl / mISDN_read\n\nwrite to 0xffff88812d848280 of 4 bytes by task 10864 on cpu 1:\n misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline]\n mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583\n __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583\n x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88812d848280 of 4 bytes by task 10857 on cpu 0:\n mISDN_read+0x1f2/0x470 drivers/isdn/mISDN/timerdev.c:112\n do_loop_readv_writev fs/read_write.c:847 [inline]\n vfs_readv+0x3fb/0x690 fs/read_write.c:1020\n do_readv+0xe7/0x210 fs/read_write.c:1080\n __do_sys_readv fs/read_write.c:1165 [inline]\n __se_sys_readv fs/read_write.c:1162 [inline]\n __x64_sys_readv+0x45/0x50 fs/read_write.c:1162\n x64_sys_call+0x2831/0x3000 arch/x86/include/generated/asm/syscalls_64.h:20\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalue changed: 0x00000000 -> 0x00000001"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nmISDN: anotar condici\u00f3n de carrera de datos alrededor de dev->work\n\ndev->work puede ser rele\u00eddo sin bloqueo en mISDN_read() y mISDN_poll(). A\u00f1adir anotaciones READ_ONCE()/WRITE_ONCE().\n\nERROR: KCSAN: condici\u00f3n de carrera de datos en mISDN_ioctl / mISDN_read\n\nescritura en 0xffff88812d848280 de 4 bytes por la tarea 10864 en la CPU 1:\n misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline]\n mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583\n __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583\n x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nlectura en 0xffff88812d848280 de 4 bytes por la tarea 10857 en la CPU 0:\n mISDN_read+0x1f2/0x470 drivers/isdn/mISDN/timerdev.c:112\n do_loop_readv_writev fs/read_write.c:847 [inline]\n vfs_readv+0x3fb/0x690 fs/read_write.c:1020\n do_readv+0xe7/0x210 fs/read_write.c:1080\n __do_sys_readv fs/read_write.c:1165 [inline]\n __se_sys_readv fs/read_write.c:1162 [inline]\n __x64_sys_readv+0x45/0x50 fs/read_write.c:1162\n x64_sys_call+0x2831/0x3000 arch/x86/include/generated/asm/syscalls_64.h:20\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalor cambiado: 0x00000000 -> 0x00000001"}], "id": "CVE-2026-23121", "lastModified": "2026-03-18T13:39:23.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T15:16:07.280", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13f3b3b87068898056db4c79ee67052fbde11d43"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7ac345a93af31358e18e9606eb7b354691bf6757"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8175dbf174d487afab81e936a862a8d9b8a1ccb6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa6e33cd74ca4965f2bbcb025e0b672fb0168a69"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/accc3f8266d2a49881dbcf78c459477f4efa0ff3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d5d99cb9e0839093cd53aa3b28176fce2f820ca0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fc8ba17fd3337bd8b1913c30b95df0fee00d8fb7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mISDN: annotate data-race around dev->work", "id": "2439848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439848"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23121", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23121\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23121\nhttps://lore.kernel.org/linux-cve-announce/2026021408-CVE-2026-23121-73e6@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2b03f8e514e4f68e293846ba511a948b80243c,d5d99cb9e0839093cd53aa3b28176fce2f820ca0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2b03f8e514e4f68e293846ba511a948b80243c,13f3b3b87068898056db4c79ee67052fbde11d43)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2b03f8e514e4f68e293846ba511a948b80243c,accc3f8266d2a49881dbcf78c459477f4efa0ff3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2b03f8e514e4f68e293846ba511a948b80243c,fc8ba17fd3337bd8b1913c30b95df0fee00d8fb7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2b03f8e514e4f68e293846ba511a948b80243c,aa6e33cd74ca4965f2bbcb025e0b672fb0168a69)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2b03f8e514e4f68e293846ba511a948b80243c,7ac345a93af31358e18e9606eb7b354691bf6757)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1b2b03f8e514e4f68e293846ba511a948b80243c,8175dbf174d487afab81e936a862a8d9b8a1ccb6)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.6.27"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,2.6.27)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.249,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.199,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.162,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.122,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.68,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.8,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T18:06:46.814373+00:00", "value": {"mitigation_remediation": ["Upgrade to a Linux kernel that includes the mISDN data\u2011race fix (for example 6.19.1 or later).", "If a kernel upgrade is not immediately possible, unload or disable the mISDN kernel module to remove the vulnerable code path.", "Continuously monitor kernel logs and dmesg for signs of driver instability or anomalous behavior, applying the patch as soon as it becomes available."], "summary": {"action": "Patch Promptly", "impact": "Kernel data race that can lead to memory corruption"}, "threat_synthesis": {"affected_systems": "The vulnerable code is part of the mISDN module that ships with Linux kernel releases that include the driver, specifically the 6.19 release\u2011candidate series from rc1 through rc6. Any system running one of these kernels with the mISDN module loaded is affected. Older stable releases that drop or patch the module are not impacted.", "description_and_impact": "The Linux kernel mISDN driver contains a data race involving the dev->work pointer, which can be accessed without proper synchronization in mISDN_ioctl and mISDN_read. This race may cause inconsistent updates to driver state, potentially leading to kernel memory corruption or unpredictable driver behavior. A successful exploitation would enable a local or privileged attacker to manipulate kernel data structures, with the possibility of privilege escalation or system instability.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA KEV. Exploitation requires a local process with access to the mISDN device, either via ioctl or read operations, and precise timing to trigger the race. The likely attack vector is a local privileged user controlling the mISDN device."}}}}, "created": "2026-02-16T12:01:44.542063+00:00", "updated": "2026-04-18T18:15:06.582110+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}