Description
In the Linux kernel, the following vulnerability has been resolved:

firewire: core: fix race condition against transaction list

The list of transactions is enumerated without acquiring the card lock when
processing an AR response event. This causes a race condition bug when
processing an AT request completion event concurrently.

This commit fixes the bug by putting the timer start for split transaction
expiration into the scope of the lock. The value of jiffies in the card structure
is referred to before acquiring the lock.
Published: 2026-02-14
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Race Condition
Action: Assess Impact
AI Analysis

Impact

A race condition exists in the FireWire core subsystem of the Linux kernel. When an AR response event is processed, the transaction list is enumerated without holding the card lock, so the enumeration races with concurrent processing of an AT request completion event and can lead to data inconsistencies. This flaw could trigger a kernel crash or other system instability, thereby affecting system availability and potentially compromising the integrity of kernel operations.

Affected Systems

The vulnerability affects the Linux kernel's Firewire core as found in kernel releases from 6.19 RC1 through RC7 and any earlier kernels that omit the fix. Systems running these kernel versions, especially those with Firewire devices enabled, are at risk. Linux kernel maintainers and users deploying recent releases should verify whether the relevant patch is present.

Risk and Exploitability

With a CVSS score of 4.7 and an EPSS value below 1 percent, the risk level is considered moderate and the likelihood of exploitation low. The bug requires a precise race condition between AR and AT events, which is difficult to trigger reliably. No public exploitation vectors are documented, and the vulnerability is not listed in the CISA KEV catalog. The most plausible attack scenario would involve a local or physically connected attacker who can manipulate Firewire traffic to induce the race, but this remains an advanced threat.

Generated by OpenCVE AI on April 17, 2026 at 19:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the fix for the race condition; the patch is available in the kernel source as commit 20e01bba2ae4898ce65cdcacd1bd6bec5111abd9 or derived from b038874e31fc3caa0b0d5abd259dd54b918ad4a1.
  • Reboot the system or reload the kernel modules so the patched code is active, ensuring the Firewire subsystem uses the updated logic.
  • If an immediate kernel upgrade is not feasible, temporarily disable or block the Firewire subsystem by unbinding the firewire-core module or adding "blacklist firewire-core" to /etc/modprobe.d/blacklist.conf to prevent Firewire traffic until the patch is applied.
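
A host-side check for the interim mitigation above, as an added example rather than OpenCVE or kernel project code: it reports whether `firewire_core` is currently loaded and whether the modprobe configuration carries a `blacklist` or `install` entry for it. The function names and sample files are constructed for illustration, and the default paths `/proc/modules` and `/etc/modprobe.d` are assumptions about the host.

```shell
#!/usr/bin/env bash
# Added example: report whether firewire-core is loaded and how modprobe is
# configured to treat it. File locations are arguments so the check can also
# run against copies collected from other hosts.

# modprobe treats '-' and '_' in module names as the same character.
norm() { printf '%s' "$1" | tr '-' '_'; }

# module_loaded MODULE [MODULES_FILE]: succeeds if MODULE is listed as loaded.
module_loaded() {
    awk -v m="$(norm "$1")" '$1 == m { hit = 1 } END { exit !hit }' \
        "${2:-/proc/modules}"
}

# module_block_state MODULE [CONF_DIR]: prints "install", "blacklist" or "none".
# "blacklist" only stops alias-based autoloading; an "install" override to
# /bin/false (or /bin/true) also stops loading as a dependency or by name.
module_block_state() {
    cat "${2:-/etc/modprobe.d}"/*.conf 2>/dev/null |
    awk -v m="$(norm "$1")" '
        /^[[:space:]]*#/ { next }
        { name = $2; gsub(/-/, "_", name) }
        $1 == "install" && name == m && $3 ~ /\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END { print (inst ? "install" : (bl ? "blacklist" : "none")) }'
}

# firewire_report [MODULES_FILE] [CONF_DIR]: one-line summary for a host.
firewire_report() {
    local state
    state=$(module_block_state firewire-core "${2:-/etc/modprobe.d}")
    if module_loaded firewire-core "${1:-/proc/modules}"; then
        echo "firewire_core loaded, modprobe=$state"
    else
        echo "firewire_core not loaded, modprobe=$state"
    fi
}

# Constructed sample: module still loaded although a blacklist line exists.
demo_dir=$(mktemp -d)
printf '%s\n' 'firewire_ohci 49152 0 - Live 0x0000000000000000' \
    'firewire_core 98304 1 firewire_ohci, Live 0x0000000000000000' \
    > "$demo_dir/modules"
printf '%s\n' '# constructed sample' 'blacklist firewire-core' \
    > "$demo_dir/blacklist.conf"
firewire_report "$demo_dir/modules" "$demo_dir"
```

A result of "loaded" with `modprobe=blacklist` means the configuration entry has not taken effect on the running system; the module stays resident until it is unloaded or the host is rebooted.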



Advisories

No advisories yet.

History

Wed, 18 Mar 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-362 |
| CPEs | | `cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*`, `cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*` |
| Metrics | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'} | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'} |


Mon, 16 Feb 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}; threat_severity: Low |


Sat, 14 Feb 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transactions is enumerated without acquiring the card lock when processing an AR response event. This causes a race condition bug when processing an AT request completion event concurrently. This commit fixes the bug by putting the timer start for split transaction expiration into the scope of the lock. The value of jiffies in the card structure is referred to before acquiring the lock. |
| Title | | firewire: core: fix race condition against transaction list |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | `cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Linux; Linux linux Kernel |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T16:01:21.077Z

Reserved: 2026-01-13T15:37:45.977Z

Link: CVE-2026-23153

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-14T16:15:55.443

Modified: 2026-03-18T14:16:24.010

Link: CVE-2026-23153

Redhat

Severity: Low

Public Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23153 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T19:45:25Z

Weaknesses