HOMEVULNERABILITIESCVE-2026-23126
NONE

CVE-2026-23126

Published: February 14, 2026· Updated: Feb 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: fix a race issue related to the operation on bpf_bound_progs list

The netdevsim driver lacks a protection mechanism for operations on the

bpf_bound_progs list. When the nsim_bpf_create_prog() performs

list_add_tail, it is possible that nsim_bpf_destroy_prog() is

simultaneously performs list_del. Concurrent operations on the list may

lead to list corruption and trigger a kernel crash as follows:

[ 417.290971] kernel BUG at lib/list_debug.c:62!

[ 417.290983] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI

[ 417.290992] CPU: 10 PID: 168 Comm: kworker/10:1 Kdump: loaded Not tainted 6.19.0-rc5 #1

[ 417.291003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014

[ 417.291007] Workqueue: events bpf_prog_free_deferred

[ 417.291021] RIP: 0010:__list_del_entry_valid_or_report+0xa7/0xc0

[ 417.291034] Code: a8 ff 0f 0b 48 89 fe 48 89 ca 48 c7 c7 48 a1 eb ae e8 ed fb a8 ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 80 a1 eb ae e8 d9 fb a8 ff <0f> 0b 48 89 d1 48 c7 c7 d0 a1 eb ae 48 89 f2 48 89 c6 e8 c2 fb a8

[ 417.291040] RSP: 0018:ffffb16a40807df8 EFLAGS: 00010246

[ 417.291046] RAX: 000000000000006d RBX: ffff8e589866f500 RCX: 0000000000000000

[ 417.291051] RDX: 0000000000000000 RSI: ffff8e59f7b23180 RDI: ffff8e59f7b23180

[ 417.291055] RBP: ffffb16a412c9000 R08: 0000000000000000 R09: 0000000000000003

[ 417.291059] R10: ffffb16a40807c80 R11: ffffffffaf9edce8 R12: ffff8e594427ac20

[ 417.291063] R13: ffff8e59f7b44780 R14: ffff8e58800b7a05 R15: 0000000000000000

[ 417.291074] FS: 0000000000000000(0000) GS:ffff8e59f7b00000(0000) knlGS:0000000000000000

[ 417.291079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

[ 417.291083] CR2: 00007fc4083efe08 CR3: 00000001c3626006 CR4: 0000000000770ee0

[ 417.291088] PKRU: 55555554

[ 417.291091] Call Trace:

[ 417.291096] <TASK>

[ 417.291103] nsim_bpf_destroy_prog+0x31/0x80 [netdevsim]

[ 417.291154] __bpf_prog_offload_destroy+0x2a/0x80

[ 417.291163] bpf_prog_dev_bound_destroy+0x6f/0xb0

[ 417.291171] bpf_prog_free_deferred+0x18e/0x1a0

[ 417.291178] process_one_work+0x18a/0x3a0

[ 417.291188] worker_thread+0x27b/0x3a0

[ 417.291197] ? __pfx_worker_thread+0x10/0x10

[ 417.291207] kthread+0xe5/0x120

[ 417.291214] ? __pfx_kthread+0x10/0x10

[ 417.291221] ret_from_fork+0x31/0x50

[ 417.291230] ? __pfx_kthread+0x10/0x10

[ 417.291236] ret_from_fork_asm+0x1a/0x30

[ 417.291246] </TASK>

Add a mutex lock, to prevent simultaneous addition and deletion operations

on the list.

NVD Source

Technical Analysis

CVE-2026-23126 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
LinuxDebian
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (5)

Quick Facts

CVE IDCVE-2026-23126
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23126 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.