{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T07:49:00.408","vulnerabilities":[{"cve":{"id":"CVE-2026-23203","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-14T17:15:58.177","lastModified":"2026-03-19T16:34:57.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cpsw_new: Execute ndo_set_rx_mode callback in a work queue\n\nCommit 1767bb2d47b7 (\"ipv6: mcast: Don't hold RTNL for\nIPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.\") removed the RTNL lock for\nIPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this\nchange triggered the following call trace on my BeagleBone Black board:\n  WARNING: net/8021q/vlan_core.c:236 at vlan_for_each+0x120/0x124, CPU#0: rpcbind/496\n  RTNL: assertion failed at net/8021q/vlan_core.c (236)\n  Modules linked in:\n  CPU: 0 UID: 997 PID: 496 Comm: rpcbind Not tainted 6.19.0-rc6-next-20260122-yocto-standard+ #8 PREEMPT\n  Hardware name: Generic AM33XX (Flattened Device Tree)\n  Call trace:\n   unwind_backtrace from show_stack+0x28/0x2c\n   show_stack from dump_stack_lvl+0x30/0x38\n   dump_stack_lvl from __warn+0xb8/0x11c\n   __warn from warn_slowpath_fmt+0x130/0x194\n   warn_slowpath_fmt from vlan_for_each+0x120/0x124\n   vlan_for_each from cpsw_add_mc_addr+0x54/0xd8\n   cpsw_add_mc_addr from __hw_addr_ref_sync_dev+0xc4/0xec\n   __hw_addr_ref_sync_dev from __dev_mc_add+0x78/0x88\n   __dev_mc_add from igmp6_group_added+0x84/0xec\n   igmp6_group_added from __ipv6_dev_mc_inc+0x1fc/0x2f0\n   __ipv6_dev_mc_inc from __ipv6_sock_mc_join+0x124/0x1b4\n   __ipv6_sock_mc_join from do_ipv6_setsockopt+0x84c/0x1168\n   do_ipv6_setsockopt from ipv6_setsockopt+0x88/0xc8\n   ipv6_setsockopt from do_sock_setsockopt+0xe8/0x19c\n   do_sock_setsockopt from __sys_setsockopt+0x84/0xac\n   __sys_setsockopt from ret_fast_syscall+0x0/0x5\n\nThis trace occurs because vlan_for_each() is called within\ncpsw_ndo_set_rx_mode(), which expects the RTNL lock to be held.\nSince modifying vlan_for_each() to operate without the RTNL lock is not\nstraightforward, and because ndo_set_rx_mode() is invoked both with and\nwithout the RTNL lock across different code paths, simply adding\nrtnl_lock() in cpsw_ndo_set_rx_mode() is not a viable solution.\n\nTo resolve this issue, we opt to execute the actual processing within\na work queue, following the approach used by the icssg-prueth driver."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: cpsw_new: Ejecutar la devolución de llamada ndo_set_rx_mode en una cola de trabajo\n\nEl commit 1767bb2d47b7 ('ipv6: mcast: No mantener RTNL para IPV6_ADD_MEMBERSHIP y MCAST_JOIN_GROUP.') eliminó el bloqueo RTNL para las operaciones IPV6_ADD_MEMBERSHIP y MCAST_JOIN_GROUP. Sin embargo, este cambio desencadenó el siguiente rastreo de llamadas en mi placa BeagleBone Black:\n  WARNING: net/8021q/vlan_core.c:236 en vlan_for_each+0x120/0x124, CPU#0: rpcbind/496\n  RTNL: aserción fallida en net/8021q/vlan_core.c (236)\n  Módulos enlazados:\n  CPU: 0 UID: 997 PID: 496 Comm: rpcbind No contaminado 6.19.0-rc6-next-20260122-yocto-standard+ #8 PREEMPT\n  Nombre del hardware: Generic AM33XX (Flattened Device Tree)\n  Rastreo de llamadas:\n   unwind_backtrace desde show_stack+0x28/0x2c\n   show_stack desde dump_stack_lvl+0x30/0x38\n   dump_stack_lvl desde __warn+0xb8/0x11c\n   __warn desde warn_slowpath_fmt+0x130/0x194\n   warn_slowpath_fmt desde vlan_for_each+0x120/0x124\n   vlan_for_each desde cpsw_add_mc_addr+0x54/0xd8\n   cpsw_add_mc_addr desde __hw_addr_ref_sync_dev+0xc4/0xec\n   __hw_addr_ref_sync_dev desde __dev_mc_add+0x78/0x88\n   __dev_mc_add desde igmp6_group_added+0x84/0xec\n   igmp6_group_added desde __ipv6_dev_mc_inc+0x1fc/0x2f0\n   __ipv6_dev_mc_inc desde __ipv6_sock_mc_join+0x124/0x1b4\n   __ipv6_sock_mc_join desde do_ipv6_setsockopt+0x84c/0x1168\n   do_ipv6_setsockopt desde ipv6_setsockopt+0x88/0xc8\n   ipv6_setsockopt desde do_sock_setsockopt+0xe8/0x19c\n   do_sock_setsockopt desde __sys_setsockopt+0x84/0xac\n   __sys_setsockopt desde ret_fast_syscall+0x0/0x5\n\nEste rastreo ocurre porque se llama a vlan_for_each() dentro de cpsw_ndo_set_rx_mode(), que espera que el bloqueo RTNL esté mantenido. Dado que modificar vlan_for_each() para operar sin el bloqueo RTNL no es sencillo, y debido a que ndo_set_rx_mode() se invoca tanto con como sin el bloqueo RTNL a través de diferentes rutas de código, simplemente añadir rtnl_lock() en cpsw_ndo_set_rx_mode() no es una solución viable.\n\nPara resolver este problema, optamos por ejecutar el procesamiento real dentro de una cola de trabajo, siguiendo el enfoque utilizado por el controlador icssg-prueth."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.10","matchCriteriaId":"006F0E3E-7CDC-49C8-880D-47A126A6F299"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c0b5dc73a38f954e780f93a549b8fe225235c07a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5b3a669866977dc87fd56fcf00a70df1536d258","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}