ipvlan: Make the addrs_lock be per port

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2026-23103
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-02-04 17:16:21 UTC
Updated2026-04-03 14:16:23 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. So 1) Introduce per-port addrs_lock. 2) It was needed to fix places where it was forgotten to take lock (ipvlan_open/ipvlan_close) This appears to be a very minor problem though. Since it's highly unlikely that ipvlan_add_addr() will be called on 2 CPU simultaneously. But nevertheless, this could cause: 1) False-negative of ipvlan_addr_busy(): one interface iterated through all port->ipvlans + ipvlan->addrs under some ipvlan spinlock, and another added IP under its own lock. Though this is only possible for IPv6, since looks like only ipvlan_addr6_event() can be called without rtnl_lock. 2) Race since ipvlan_ht_addr_add(port) is called under different ipvlan->addrs_lock locks This should not affect performance, since add/remove IP is a rare situation and spinlock is not taken on fast paths.

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem Types: CWE-667

VersionSourceTypeScoreSeverityVector
3.1[email protected]Primary5.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3.1416baaa9-dc9f-4396-8d5f-8c081fb06d67Secondary7.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1CNADECLARED7.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 8230819494b3bf284ca7262ac5f877333147b937 3c149b662cbb202a450e81f938e702ba333864ad git Not specified
CNA Linux Linux affected 8230819494b3bf284ca7262ac5f877333147b937 70feb16e3fbfb10b15de1396557c38e99f1ab8df git Not specified
CNA Linux Linux affected 8230819494b3bf284ca7262ac5f877333147b937 88f83e6c9cdb46b8c8ddd0ba01393362963cf589 git Not specified
CNA Linux Linux affected 8230819494b3bf284ca7262ac5f877333147b937 04ba6de6eff61238e5397c14ac26a6578c7735a5 git Not specified
CNA Linux Linux affected 8230819494b3bf284ca7262ac5f877333147b937 1f300c10d92c547c3a7d978e1212ff52f18256ed git Not specified
CNA Linux Linux affected 8230819494b3bf284ca7262ac5f877333147b937 6a81e2db096913d7e43aada1c350c1282e76db39 git Not specified
CNA Linux Linux affected 8230819494b3bf284ca7262ac5f877333147b937 d3ba32162488283c0a4c5bedd8817aec91748802 git Not specified
CNA Linux Linux affected 4.17 Not specified
CNA Linux Linux unaffected 4.17 semver Not specified
CNA Linux Linux unaffected 5.10.249 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.199 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.162 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.122 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.68 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.8 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/88f83e6c9cdb46b8c8ddd0ba01393362963cf589 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/70feb16e3fbfb10b15de1396557c38e99f1ab8df 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/04ba6de6eff61238e5397c14ac26a6578c7735a5 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/1f300c10d92c547c3a7d978e1212ff52f18256ed 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/3c149b662cbb202a450e81f938e702ba333864ad 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/d3ba32162488283c0a4c5bedd8817aec91748802 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/6a81e2db096913d7e43aada1c350c1282e76db39 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report