CVE-2026-23175
📋 TL;DR
A race condition vulnerability in the Linux kernel's CPSW network driver where multicast address operations can trigger a kernel warning due to missing RTNL lock protection. This affects Linux systems using the CPSW driver on AM335x-based hardware like BeagleBone Black. The vulnerability causes kernel warnings but doesn't appear to enable remote code execution.
💻 Affected Systems
- Linux kernel with CPSW driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system instability if the warning leads to a crash, potentially causing denial of service on affected devices.
Likely Case
Kernel warning messages in system logs during multicast operations, but no actual exploitation or system compromise.
If Mitigated
Minor performance impact from work queue processing with no security implications.
🎯 Exploit Status
Exploitation requires triggering specific multicast operations on vulnerable hardware. The vulnerability appears to be a race condition rather than a traditional security flaw.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits 0b8c878d117319f2be34c8391a77e0f4d5c94d79 and 488009aa62bb1217ea0624fd5108b79adef4e148
Vendor Advisory: https://git.kernel.org/stable/c/0b8c878d117319f2be34c8391a77e0f4d5c94d79
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For embedded systems, update kernel via package manager or rebuild with patched kernel source. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable IPv6 multicast
allPrevent triggering the vulnerable code path by disabling IPv6 multicast operations
sysctl -w net.ipv6.conf.all.mc_forwarding=0
sysctl -w net.ipv6.conf.default.mc_forwarding=0
Use updated CPSW driver
AM335x-based systemsSwitch to the newer CPSW switch driver if using AM335x hardware
Ensure device tree uses new cpsw driver instead of legacy driver
🧯 If You Can't Patch
- Monitor system logs for RTNL assertion warnings and investigate multicast traffic sources
- Consider network segmentation to limit multicast traffic to affected devices
🔍 How to Verify
Check if Vulnerable:
Check kernel version and look for RTNL assertion warnings in dmesg or system logs during multicast operationsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits and no RTNL warnings appear during multicast testing📡 Detection & Monitoring
Log Indicators:
- RTNL: assertion failed at net/8021q/vlan_core.c
- WARNING: net/8021q/vlan_core.c:236
- Call trace including vlan_for_each and cpsw_add_mc_addr
Network Indicators:
- Increased multicast traffic to affected devices
- IPv6 multicast group joins
SIEM Query:
source="kernel" AND "RTNL: assertion failed" AND "vlan_core.c"