Login Sign Up

CVE-2026-23203

N/A Unknown
Denial of Service

📋 TL;DR

A race condition vulnerability in the Linux kernel's CPSW network driver where the ndo_set_rx_mode callback is called without proper locking, causing a kernel warning and potential system instability. This affects Linux systems using the CPSW network driver, particularly on BeagleBone Black boards and similar ARM-based devices.

💻 Affected Systems

Products:
  • Linux kernel with CPSW network driver
Versions: Linux kernel versions around 6.19.0-rc6 and earlier with the vulnerable commit 1767bb2d47b7
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects systems with CPSW network hardware (like TI AM33xx/AM335x SoCs) when IPv6 multicast operations are performed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash due to race conditions when processing multicast group operations, leading to denial of service.

🟠

Likely Case

Kernel warning messages in system logs and potential network instability when IPv6 multicast operations are performed.

🟢

If Mitigated

Minor performance impact from work queue processing with no security compromise.

🌐 Internet-Facing: LOW - Requires local access or specific multicast network operations.
🏢 Internal Only: MEDIUM - Could affect internal network operations and system stability on vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific IPv6 multicast operations on vulnerable hardware. No known remote exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel commits c0b5dc73a38f954e780f93a549b8fe225235c07a and d5b3a669866977dc87fd56fcf00a70df1536d258

Vendor Advisory: https://git.kernel.org/stable/c/c0b5dc73a38f954e780f93a549b8fe225235c07a

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix. 2. For embedded systems: Rebuild kernel with patched source. 3. Apply kernel updates through distribution package manager.

🔧 Temporary Workarounds

Disable IPv6 multicast

all

Prevent IPv6 multicast operations that trigger the vulnerability

sysctl -w net.ipv6.conf.all.mc_forwarding=0
sysctl -w net.ipv6.conf.default.mc_forwarding=0

🧯 If You Can't Patch

  • Monitor system logs for kernel warnings related to vlan_for_each or CPSW
  • Restrict IPv6 multicast traffic at network perimeter

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if CPSW driver is loaded: uname -r && lsmod | grep cpsw

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and monitor dmesg for absence of vlan_for_each warnings during IPv6 multicast operations

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings containing 'vlan_for_each', 'RTNL: assertion failed', 'cpsw_add_mc_addr' in dmesg or /var/log/kern.log

Network Indicators:

  • Unusual IPv6 multicast traffic patterns to affected devices

SIEM Query:

source="kernel" AND ("vlan_for_each" OR "RTNL: assertion failed" OR "cpsw_add_mc_addr")

📊 Metadata

CVE ID: CVE-2026-23203
CVSS v3 Score: N/A (Unknown)
Published: February 14, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON