{"id":"AZL-77691","summary":"CVE-2026-23118 affecting package kernel 6.6.126.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix data-race warning and potential load/store tearing\n\nFix the following:\n\n        BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet\n\nwhich is reporting an issue with the reads and writes to -\u003elast_tx_at in:\n\n        conn-\u003epeer-\u003elast_tx_at = ktime_get_seconds();\n\nand:\n\n        keepalive_at = peer-\u003elast_tx_at + RXRPC_KEEPALIVE_TIME;\n\nThe lockless accesses to these to values aren't actually a problem as the\nread only needs an approximate time of last transmission for the purposes\nof deciding whether or not the transmission of a keepalive packet is\nwarranted yet.\n\nAlso, as -\u003elast_tx_at is a 64-bit value, tearing can occur on a 32-bit\narch.\n\nFix both of these by switching to an unsigned int for -\u003elast_tx_at and only\nstoring the LSW of the time64_t.  It can then be reconstructed at need\nprovided no more than 68 years has elapsed since the last transmission.","modified":"2026-04-21T04:34:19.418358Z","published":"2026-02-14T15:16:06Z","upstream":["CVE-2026-23118"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23118"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"6.6.126.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77691.json"}}],"schema_version":"1.7.5"}