Description
In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix data-race warning and potential load/store tearing

Fix the following:

BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet

which is reporting an issue with the reads and writes to ->last_tx_at in:

conn->peer->last_tx_at = ktime_get_seconds();

and:

keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;

The lockless accesses to these two values aren't actually a problem as the
read only needs an approximate time of last transmission for the purposes
of deciding whether or not the transmission of a keepalive packet is
warranted yet.

Also, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit
arch.

Fix both of these by switching to an unsigned int for ->last_tx_at and only
storing the LSW of the time64_t. It can then be reconstructed at need
provided no more than 68 years has elapsed since the last transmission.
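The store-the-LSW-and-reconstruct scheme described above, as an added userspace C example (not the kernel patch). The names `peer_sketch`, `mark_tx`, `last_tx_time`, `keepalive_due` and `torn_read`, the 20-second `KEEPALIVE_SECS` value and the sample timestamps are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define KEEPALIVE_SECS 20   /* assumed value standing in for RXRPC_KEEPALIVE_TIME */

/* Hypothetical stand-in for the peer record: only the field under discussion. */
struct peer_sketch {
    _Atomic uint32_t last_tx_at;        /* LSW of the 64-bit seconds clock */
};

/* Writer: a single word-sized store, which a 32-bit CPU cannot tear. */
static void mark_tx(struct peer_sketch *p, int64_t now)
{
    atomic_store_explicit(&p->last_tx_at, (uint32_t)now, memory_order_relaxed);
}

/* Reader: rebuild the 64-bit time as 'now' plus a signed 32-bit distance.
 * Correct while the stored mark is within 2^31 s (about 68 years) of 'now'. */
static int64_t last_tx_time(struct peer_sketch *p, int64_t now)
{
    uint32_t lsw = atomic_load_explicit(&p->last_tx_at, memory_order_relaxed);
    uint32_t d = lsw - (uint32_t)now;   /* distance modulo 2^32 */
    int64_t delta = d < 0x80000000u ? (int64_t)d : (int64_t)d - 0x100000000LL;
    return now + delta;
}

/* Keepalive decision built on the reconstructed time (assumed comparison). */
static int keepalive_due(struct peer_sketch *p, int64_t now)
{
    return last_tx_time(p, now) + KEEPALIVE_SECS <= now;
}

/* What a torn 64-bit load can return: high word of the new value combined
 * with the low word of the old one (two separate 32-bit loads). */
static int64_t torn_read(int64_t old_val, int64_t new_val)
{
    return (int64_t)(((uint64_t)new_val & 0xFFFFFFFF00000000ull) |
                     ((uint64_t)old_val & 0x00000000FFFFFFFFull));
}

int main(void)
{
    struct peer_sketch p = { 0 };
    int64_t t0 = 0x1FFFFFFF0LL;         /* constructed: just below a 2^32 boundary */
    mark_tx(&p, t0);
    printf("rebuilt=%lld due=%d\n", (long long)last_tx_time(&p, t0 + 21),
           keepalive_due(&p, t0 + 21));
    printf("torn=%#llx\n", (unsigned long long)torn_read(0xFFFFFFFFLL, 0x100000000LL));
    return 0;
}
```

The constructed timestamps straddle a 2^32-second boundary, which is where a torn 64-bit read is off by the largest amount and where the 32-bit reconstruction still returns the exact transmit time.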
Published: 2026-02-14
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Race and Potential Load/Store Tearing
Action: Assess Impact
AI Analysis

Impact

The vulnerability involves a data race and potential load/store tearing in the Linux kernel's rxrpc module. Concurrent reads and writes to the last_tx_at field can produce inconsistent values, and on 32-bit architectures the 64-bit value may tear, resulting in inaccurate timing data. This can lead to incorrect keep-alive packet decisions, potentially causing subtle timing errors or availability issues, but it does not provide direct control over the system.

Affected Systems

Affected systems are Linux kernels that include the rxrpc implementation. The known affected range covers kernel version 6.19 release candidates 1 through 6, as indicated by the CPE entries, and any future kernels that have not yet incorporated the patch.

Risk and Exploitability

The CVSS score of 4.7 indicates low severity. EPSS is below 1%, and the vulnerability is not flagged in the CISA KEV catalog, suggesting a low likelihood of exploitation. The attack vector is likely local and indirect; an attacker would need to influence the kernel’s rxrpc timing logic, which is not trivial. Overall risk remains low with minimal impact on confidentiality or integrity.

Generated by OpenCVE AI on April 16, 2026 at 06:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the rxrpc last_tx_at fix, such as Linux kernel 6.19 final or newer.
  • If immediate upgrade is not possible, backport the relevant commit(s) to the existing kernel to replace the 64-bit field with a 32‑bit unsigned int, following the upstream patch.
  • After applying the patch, monitor kernel logs for any remaining KCSAN data‑race or timing anomalies to confirm the issue is resolved.


Advisories

No advisories yet.

History

Wed, 25 Mar 2026 10:45:00 +0000


Wed, 18 Mar 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-362 |
| CPEs | | cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* |
| Metrics | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'} | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'} |


Tue, 17 Feb 2026 00:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'} |
| | | threat_severity: Low |


Sat, 14 Feb 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet which is reporting an issue with the reads and writes to ->last_tx_at in: conn->peer->last_tx_at = ktime_get_seconds(); and: keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME; The lockless accesses to these two values aren't actually a problem as the read only needs an approximate time of last transmission for the purposes of deciding whether or not the transmission of a keepalive packet is warranted yet. Also, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit arch. Fix both of these by switching to an unsigned int for ->last_tx_at and only storing the LSW of the time64_t. It can then be reconstructed at need provided no more than 68 years has elapsed since the last transmission. |
| Title | | rxrpc: Fix data-race warning and potential load/store tearing |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-03-25T10:20:22.263Z

Reserved: 2026-01-13T15:37:45.969Z

Link: CVE-2026-23118

Vulnrichment

No data.

NVD

Status: Modified

Published: 2026-02-14T15:16:06.933

Modified: 2026-03-25T11:16:18.923

Link: CVE-2026-23118

Redhat

Severity: Low

Public Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23118 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T07:00:10Z

Weaknesses