{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T10:15:05.072","vulnerabilities":[{"cve":{"id":"CVE-2026-23126","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-14T15:16:07.853","lastModified":"2026-03-18T14:50:12.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: fix a race issue related to the operation on bpf_bound_progs list\n\nThe netdevsim driver lacks a protection mechanism for operations on the\nbpf_bound_progs list. When the nsim_bpf_create_prog() performs\nlist_add_tail, it is possible that nsim_bpf_destroy_prog() is\nsimultaneously performs list_del. Concurrent operations on the list may\nlead to list corruption and trigger a kernel crash as follows:\n\n[  417.290971] kernel BUG at lib/list_debug.c:62!\n[  417.290983] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[  417.290992] CPU: 10 PID: 168 Comm: kworker/10:1 Kdump: loaded Not tainted 6.19.0-rc5 #1\n[  417.291003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  417.291007] Workqueue: events bpf_prog_free_deferred\n[  417.291021] RIP: 0010:__list_del_entry_valid_or_report+0xa7/0xc0\n[  417.291034] Code: a8 ff 0f 0b 48 89 fe 48 89 ca 48 c7 c7 48 a1 eb ae e8 ed fb a8 ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 80 a1 eb ae e8 d9 fb a8 ff <0f> 0b 48 89 d1 48 c7 c7 d0 a1 eb ae 48 89 f2 48 89 c6 e8 c2 fb a8\n[  417.291040] RSP: 0018:ffffb16a40807df8 EFLAGS: 00010246\n[  417.291046] RAX: 000000000000006d RBX: ffff8e589866f500 RCX: 0000000000000000\n[  417.291051] RDX: 0000000000000000 RSI: ffff8e59f7b23180 RDI: ffff8e59f7b23180\n[  417.291055] RBP: ffffb16a412c9000 R08: 0000000000000000 R09: 0000000000000003\n[  417.291059] R10: ffffb16a40807c80 R11: ffffffffaf9edce8 R12: ffff8e594427ac20\n[  417.291063] R13: ffff8e59f7b44780 R14: ffff8e58800b7a05 R15: 0000000000000000\n[  417.291074] FS:  0000000000000000(0000) GS:ffff8e59f7b00000(0000) knlGS:0000000000000000\n[  417.291079] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  417.291083] CR2: 00007fc4083efe08 CR3: 00000001c3626006 CR4: 0000000000770ee0\n[  417.291088] PKRU: 55555554\n[  417.291091] Call Trace:\n[  417.291096]  <TASK>\n[  417.291103]  nsim_bpf_destroy_prog+0x31/0x80 [netdevsim]\n[  417.291154]  __bpf_prog_offload_destroy+0x2a/0x80\n[  417.291163]  bpf_prog_dev_bound_destroy+0x6f/0xb0\n[  417.291171]  bpf_prog_free_deferred+0x18e/0x1a0\n[  417.291178]  process_one_work+0x18a/0x3a0\n[  417.291188]  worker_thread+0x27b/0x3a0\n[  417.291197]  ? __pfx_worker_thread+0x10/0x10\n[  417.291207]  kthread+0xe5/0x120\n[  417.291214]  ? __pfx_kthread+0x10/0x10\n[  417.291221]  ret_from_fork+0x31/0x50\n[  417.291230]  ? __pfx_kthread+0x10/0x10\n[  417.291236]  ret_from_fork_asm+0x1a/0x30\n[  417.291246]  </TASK>\n\nAdd a mutex lock, to prevent simultaneous addition and deletion operations\non the list."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnetdevsim: soluciona un problema de condición de carrera relacionado con la operación en la lista bpf_bound_progs\n\nEl controlador netdevsim carece de un mecanismo de protección para las operaciones en la lista bpf_bound_progs. Cuando nsim_bpf_create_prog() realiza list_add_tail, es posible que nsim_bpf_destroy_prog() realice simultáneamente list_del. Operaciones concurrentes en la lista pueden llevar a la corrupción de la lista y desencadenar un fallo del kernel de la siguiente manera:\n\n[  417.290971] kernel BUG at lib/list_debug.c:62!\n[  417.290983] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[  417.290992] CPU: 10 PID: 168 Comm: kworker/10:1 Kdump: loaded Not tainted 6.19.0-rc5 #1\n[  417.291003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  417.291007] Workqueue: events bpf_prog_free_deferred\n[  417.291021] RIP: 0010:__list_del_entry_valid_or_report+0xa7/0xc0\n[  417.291034] Code: a8 ff 0f 0b 48 89 fe 48 89 ca 48 c7 c7 48 a1 eb ae e8 ed fb a8 ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 80 a1 eb ae e8 d9 fb a8 ff &lt;0f&gt; 0b 48 89 d1 48 c7 c7 d0 a1 eb ae 48 89 f2 48 89 c6 e8 c2 fb a8\n[  417.291040] RSP: 0018:ffffb16a40807df8 EFLAGS: 00010246\n[  417.291046] RAX: 000000000000006d RBX: ffff8e589866f500 RCX: 0000000000000000\n[  417.291051] RDX: 0000000000000000 RSI: ffff8e59f7b23180 RDI: ffff8e59f7b23180\n[  417.291055] RBP: ffffb16a412c9000 R08: 0000000000000000 R09: 0000000000000003\n[  417.291059] R10: ffffb16a40807c80 R11: ffffffffaf9edce8 R12: ffff8e594427ac20\n[  417.291063] R13: ffff8e59f7b44780 R14: ffff8e58800b7a05 R15: 0000000000000000\n[  417.291074] FS:  0000000000000000(0000) GS:ffff8e59f7b00000(0000) knlGS:0000000000000000\n[  417.291079] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  417.291083] CR2: 00007fc4083efe08 CR3: 00000001c3626006 CR4: 0000000000770ee0\n[  417.291088] PKRU: 55555554\n[  417.291091] Call Trace:\n[  417.291096]  \n[  417.291103]  nsim_bpf_destroy_prog+0x31/0x80 [netdevsim]\n[  417.291154]  __bpf_prog_offload_destroy+0x2a/0x80\n[  417.291163]  bpf_prog_dev_bound_destroy+0x6f/0xb0\n[  417.291171]  bpf_prog_free_deferred+0x18e/0x1a0\n[  417.291178]  process_one_work+0x18a/0x3a0\n[  417.291188]  worker_thread+0x27b/0x3a0\n[  417.291197]  ? __pfx_worker_thread+0x10/0x10\n[  417.291207]  kthread+0xe5/0x120\n[  417.291214]  ? __pfx_kthread+0x10/0x10\n[  417.291221]  ret_from_fork+0x31/0x50\n[  417.291230]  ? __pfx_kthread+0x10/0x10\n[  417.291236]  ret_from_fork_asm+0x1a/0x30\n[  417.291246]  \n\nSe añade un bloqueo mutex para evitar operaciones simultáneas de adición y eliminación en la lista."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.16","versionEndExcluding":"6.1.162","matchCriteriaId":"A41CFBA5-2B99-4E6A-B45C-AD4395A55B25"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.122","matchCriteriaId":"8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.68","matchCriteriaId":"52F38E19-0FDD-4992-9D6D-D4169D689598"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.8","matchCriteriaId":"E65C6E79-7EBE-4C77-93F0-818CF5B38F4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3f560cfc7706029294132482fff5d1bc7884b70d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68462ecc40ea8f780fb3c74ebfddd05506bb731b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b97d5eedf4976cc94321243be83b39efe81a0e15","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d77379ca82efcb2fe563359cc795027d680410db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f1f9cfd2f46a73b7de2982d01be822eac3a0efaa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}