{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23153", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.977Z", "datePublished": "2026-02-14T16:01:21.077Z", "dateUpdated": "2026-05-11T22:01:14.351Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:01:14.351Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: core: fix race condition against transaction list\n\nThe list of transaction is enumerated without acquiring card lock when\nprocessing AR response event. This causes a race condition bug when\nprocessing AT request completion event concurrently.\n\nThis commit fixes the bug by put timer start for split transaction\nexpiration into the scope of lock. The value of jiffies in card structure\nis referred before acquiring the lock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firewire/core-transaction.c"], "versions": [{"version": "b5725cfa4120a4d234ab112aad151d731531d093", "lessThan": "b038874e31fc3caa0b0d5abd259dd54b918ad4a1", "status": "affected", "versionType": "git"}, {"version": "b5725cfa4120a4d234ab112aad151d731531d093", "lessThan": "20e01bba2ae4898ce65cdcacd1bd6bec5111abd9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firewire/core-transaction.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.9", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b038874e31fc3caa0b0d5abd259dd54b918ad4a1"}, {"url": "https://git.kernel.org/stable/c/20e01bba2ae4898ce65cdcacd1bd6bec5111abd9"}], "title": "firewire: core: fix race condition against transaction list", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "64A5E20D-6D91-446C-A826-4E89EFEA0278", "versionEndExcluding": "6.18.9", "versionStartIncluding": "6.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: core: fix race condition against transaction list\n\nThe list of transaction is enumerated without acquiring card lock when\nprocessing AR response event. This causes a race condition bug when\nprocessing AT request completion event concurrently.\n\nThis commit fixes the bug by put timer start for split transaction\nexpiration into the scope of lock. The value of jiffies in card structure\nis referred before acquiring the lock."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfirewire: core: corrige condici\u00f3n de carrera contra la lista de transacciones\n\nLa lista de transacciones se enumera sin adquirir el bloqueo de la tarjeta al procesar el evento de respuesta AR. Esto causa un error de condici\u00f3n de carrera al procesar el evento de finalizaci\u00f3n de solicitud AT concurrentemente.\n\nEste commit corrige el error al poner el inicio del temporizador para la expiraci\u00f3n de transacciones divididas dentro del alcance del bloqueo. Se consulta el valor de jiffies en la estructura de la tarjeta antes de adquirir el bloqueo."}], "id": "CVE-2026-23153", "lastModified": "2026-03-18T14:16:24.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T16:15:55.443", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/20e01bba2ae4898ce65cdcacd1bd6bec5111abd9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b038874e31fc3caa0b0d5abd259dd54b918ad4a1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: firewire: core: fix race condition against transaction list", "id": "2439948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439948"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfirewire: core: fix race condition against transaction list\nThe list of transaction is enumerated without acquiring card lock when\nprocessing AR response event. This causes a race condition bug when\nprocessing AT request completion event concurrently.\nThis commit fixes the bug by put timer start for split transaction\nexpiration into the scope of lock. The value of jiffies in card structure\nis referred before acquiring the lock."], "name": "CVE-2026-23153", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23153\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23153\nhttps://lore.kernel.org/linux-cve-announce/2026021415-CVE-2026-23153-9e56@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b5725cfa4120a4d234ab112aad151d731531d093,b038874e31fc3caa0b0d5abd259dd54b918ad4a1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b5725cfa4120a4d234ab112aad151d731531d093,20e01bba2ae4898ce65cdcacd1bd6bec5111abd9)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.9,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-17T19:34:38.518186+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the commit that fixes the race condition\u2014the patch is available in the kernel source for commit 20e01bba2ae4898ce65cdcacd1bd6bec5111abd9 or derived from b038874e31fc3caa0b0d5abd259dd54b918ad4a1.", "Reboot the system or reload the kernel modules so the patched code is active, ensuring the Firewire subsystem uses the updated logic.", "If an immediate kernel upgrade is not feasible, temporarily disable or block the Firewire subsystem by unbinding the firewire-core module or adding \"blacklist firewire-core\" to /etc/modprobe.d/blacklist.conf to prevent Firewire traffic until the patch is applied."], "summary": {"action": "Assess Impact", "impact": "Race Condition"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Linux kernel's Firewire core as found in kernel releases from 6.19 RC1 through RC7 and any earlier kernels that omit the fix. Systems running these kernel versions, especially those with Firewire devices enabled, are at risk. Linux kernel maintainers and users deploying recent releases should verify whether the relevant patch is present.", "description_and_impact": "A race condition exists in the Firewire core subsystem of the Linux kernel during AR response event processing. Concurrent AT request completion events can enumerate the transaction list without holding the card lock, leading to data inconsistencies. This flaw could trigger a kernel crash or other system instability, thereby affecting system availability and potentially compromising the integrity of kernel operations.", "risk_and_exploitability": "With a CVSS score of 4.7 and an EPSS value below 1 percent, the risk level is considered moderate and the likelihood of exploitation low. The bug requires a precise race condition between AR and AT events, which is difficult to trigger reliably. No public exploitation vectors are documented, and the vulnerability is not listed in the CISA KEV catalog. The most plausible attack scenario would involve a local or physically connected attacker who can manipulate Firewire traffic to induce the race, but this remains an advanced threat."}}}}, "created": "2026-02-16T12:01:14.585219+00:00", "updated": "2026-04-17T19:45:25.889642+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}