CVE-2026-23186

N/A Unknown

📋 TL;DR

A race condition vulnerability in the Linux kernel's acpi_power_meter driver can cause system deadlocks when handling ACPI notifications. This affects Linux systems using the ACPI power meter functionality, potentially leading to system instability or denial of service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with vulnerable acpi_power_meter driver (specific versions not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with ACPI power meter functionality enabled and in use.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: System deadlock requiring hard reboot, causing extended downtime and potential data loss.

🟠 Likely Case: System instability, kernel panics, or service disruptions requiring manual intervention.

🟢 If Mitigated: Minor performance impact during ACPI notification handling with proper locking.

🌐 Internet-Facing: LOW - Requires local access or kernel-level compromise to trigger.
🏢 Internal Only: MEDIUM - Local users or processes could trigger deadlocks affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger ACPI notifications or access to sysfs attributes while device removal occurs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 615901b57b7ef8eb655f71358f7e956e42bcd16b and 8860ddf0e07be37169d4ef9f2618e39fca934a66

Vendor Advisory: https://git.kernel.org/stable/c/615901b57b7ef8eb655f71358f7e956e42bcd16b

Restart Required: No

Instructions:

  1. Update Linux kernel to patched version.
  2. For running systems, load updated kernel module: 'rmmod acpi_power_meter && modprobe acpi_power_meter'

🔧 Temporary Workarounds

Disable acpi_power_meter module

Prevent loading of vulnerable driver if not required

echo 'blacklist acpi_power_meter' > /etc/modprobe.d/disable-acpi-power-meter.conf
rmmod acpi_power_meter

🧯 If You Can't Patch

  • Restrict access to sysfs power meter attributes to trusted users only
  • Monitor system logs for deadlock indicators and have reboot procedures ready

🔍 How to Verify

Check if Vulnerable:

Check if acpi_power_meter module is loaded: 'lsmod | grep acpi_power_meter'

Check Version:

uname -r

Verify Fix Applied:

Run 'uname -r' to get the running kernel version, then verify against your distribution's patch notes that it includes the fix commits.
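
The workaround and the loaded-module check above can be combined into one audit. The script below is an added example, not part of the original advisory; the function names are hypothetical and it reads only the modprobe directory it is given (/etc/modprobe.d, as used on this page). A 'blacklist' line only stops alias-based autoloading, so an explicit 'modprobe acpi_power_meter' still works; the script therefore reports an 'install ... /bin/false' rule separately.

```shell
#!/bin/sh
# Added example: report whether acpi_power_meter is loaded and which
# modprobe.d rule (if any) keeps it from loading. Paths are arguments
# so the logic can be run against sample files as well as a live system.
MODULE=acpi_power_meter

# module_loaded FILE: succeed if MODULE is listed in a /proc/modules-format file.
module_loaded() {
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# modprobe_rule DIR: print "install", "blacklist" or "none" for MODULE.
# modprobe treats '-' and '_' in module names as the same character.
modprobe_rule() {
    for f in "$1"/*.conf; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | awk -v m="$MODULE" '
        $1 ~ /^#/ { next }                      # skip comment lines
        { name = $2; gsub(/-/, "_", name) }
        $1 == "install" && name == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END { print (inst ? "install" : (bl ? "blacklist" : "none")) }'
}

# audit PROC_MODULES MODPROBE_DIR: print "<loaded|not-loaded>:<rule>".
#   loaded:*             driver is active; the workaround still needs rmmod
#   not-loaded:none      nothing prevents the driver from loading later
#   not-loaded:blacklist autoload blocked, explicit modprobe still possible
#   not-loaded:install   explicit modprobe is blocked as well
audit() {
    rule=$(modprobe_rule "$2")
    if module_loaded "$1"; then
        echo "loaded:$rule"
    else
        echo "not-loaded:$rule"
    fi
}

# Live use: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit /proc/modules /etc/modprobe.d
fi
```
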

📡 Detection & Monitoring

Log Indicators:

  • Kernel messages about deadlocks
  • System hangs or unresponsiveness
  • ACPI notification errors

Network Indicators:

  • None - local vulnerability only

SIEM Query:

kernel:("deadlock" OR "hung task") AND module:"acpi_power_meter"
