CVE-2026-43216

EUVD-2026-27776
In the Linux kernel, the following vulnerability has been resolved:

net: Drop the lock in skb_may_tx_timestamp()

skb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must
not be taken in IRQ context, only softirq is okay. A few drivers receive
the timestamp via a dedicated interrupt and complete the TX timestamp
from that handler. This will lead to a deadlock if the lock is already
write-locked on the same CPU.

Taking the lock can be avoided. The socket (pointed by the skb) will
remain valid until the skb is released. The ->sk_socket and ->file
member will be set to NULL once the user closes the socket which may
happen before the timestamp arrives.
If we happen to observe the pointer while the socket is closing but
before the pointer is set to NULL then we may use it because both
pointer (and the file's cred member) are RCU freed.

Drop the lock. Use READ_ONCE() to obtain the individual pointer. Add a
matching WRITE_ONCE() where the pointer are cleared.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.0 ≤
𝑥
< 6.18.16
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.6
linuxlinux_kernel
7.0:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
bpftool6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel-livepatch-6.18.16-18.222
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-debuginfo-common-aarch64
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-debuginfo-common-x86_64
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-devel
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-headers
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf-devel
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-libbpf-static
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-modules-extra
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-modules-extra-common
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-tools
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-tools-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
kernel6.18-tools-devel
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
perf6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
perf6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
python3-perf6.18
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
python3-perf6.18-debuginfo
Amazon Linux 2023
1:6.18.16-18.222.amzn2023
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/983512f3a87fd8dc4c94dfa6b596b6e57df5aad7
https://git.kernel.org/stable/c/e4c6efb3b70ff87f1df99efce2f8893717695718
https://git.kernel.org/stable/c/f3e4cceafad27c9363c33622732f86722846ec6f