Description
In the Linux kernel, the following vulnerability has been resolved:

timekeeping: Adjust the leap state for the correct auxiliary timekeeper

When __do_ajdtimex() was introduced to handle adjtimex for any
timekeeper, this reference to tk_core was not updated. When called on an
auxiliary timekeeper, the core timekeeper would be updated incorrectly.

This gets caught by the lock debugging diagnostics because the
timekeepers sequence lock gets written to without holding its
associated spinlock:

WARNING: include/linux/seqlock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125
aux_clock_adj (kernel/time/timekeeping.c:2979)
__do_sys_clock_adjtime (kernel/time/posix-timers.c:1161 kernel/time/posix-timers.c:1173)
do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)

Update the correct auxiliary timekeeper.
Published: 2026-02-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Timekeeping Corruption
Action: Apply Kernel Patch
AI Analysis

Impact

In the Linux kernel, the function __do_ajdtimex, introduced to enable adjtimex on any timekeeper, mistakenly references the core timekeeper (tk_core) when operating on an auxiliary timekeeper. This causes the core timekeeper’s sequence lock to be written to without holding its spinlock, triggering lock‑debug diagnostics and leading to an inconsistent leap‑second state across the kernel’s timekeeping subsystem.

Affected Systems

All Linux kernel builds that include the 6.19 series up to at least release candidate 6.19‑rc6 are vulnerable. This includes any distribution or custom kernel derived from that line, regardless of the distribution, because the flaw resides in the core kernel timekeeping source.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate severity. The EPSS score is less than 1 %, showing a very low likelihood of exploitation. It is not listed in CISA’s KEV catalog. The vulnerability is triggered by the adjtimex system call when an auxiliary timekeeper is targeted; the call requires elevated privileges, likely root, but the precise privilege level is not explicitly stated. Applying the available patch mitigates the issue completely.

Generated by OpenCVE AI on April 18, 2026 at 21:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the system to a Linux kernel version that includes the commit fixing the auxiliary timekeeper handling; at least the final 6.19 kernel or a later stable release.
  • If an immediate update is not possible, rebuild the kernel with the specific commit that corrects the sequence lock update for auxiliary timekeepers.
  • Limit or disable usage of adjtimex on auxiliary timekeepers by restricting the system call to trusted privileged contexts or by applying policy controls.

Generated by OpenCVE AI on April 18, 2026 at 21:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-164
CWE-362

Thu, 19 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*

Thu, 05 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated. When called on an auxiliary timekeeper, the core timekeeper would be updated incorrectly. This gets caught by the lock debugging diagnostics because the timekeepers sequence lock gets written to without holding its associated spinlock: WARNING: include/linux/seqlock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125 aux_clock_adj (kernel/time/timekeeping.c:2979) __do_sys_clock_adjtime (kernel/time/posix-timers.c:1161 kernel/time/posix-timers.c:1173) do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) Update the correct auxiliary timekeeper.
Title timekeeping: Adjust the leap state for the correct auxiliary timekeeper
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:38:47.388Z

Reserved: 2026-01-13T15:37:45.966Z

Link: CVE-2026-23106

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-04T17:16:21.470

Modified: 2026-03-19T19:24:19.867

Link: CVE-2026-23106

cve-icon Redhat

Severity : Low

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23106 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T21:15:10Z

Weaknesses