HOMEVULNERABILITIESCVE-2026-23356
NONE

CVE-2026-23356

Published: March 25, 2026· Updated: Mar 25, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.5th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()

Even though we check that we "should" be able to do lc_get_cumulative()

while holding the device->al_lock spinlock, it may still fail,

if some other code path decided to do lc_try_lock() with bad timing.

If that happened, we logged "LOGIC BUG for enr=...",

but still did not return an error.

The rest of the code now assumed that this request has references

for the relevant activity log extents.

The implcations are that during an active resync, mutual exclusivity of

resync versus application IO is not guaranteed. And a potential crash

at this point may not realizs that these extents could have been target

of in-flight IO and would need to be resynced just in case.

Also, once the request completes, it will give up activity log references it

does not even hold, which will trigger a BUG_ON(refcnt == 0) in lc_put().

Fix:

Do not crash the kernel for a condition that is harmless during normal

operation: also catch "e->refcnt == 0", not only "e == NULL"

when being noisy about "al_complete_io() called on inactive extent %u\n".

And do not try to be smart and "guess" whether something will work, then

be surprised when it does not.

Deal with the fact that it may or may not work. If it does not, remember a

possible "partially in activity log" state (only possible for requests that

cross extent boundaries), and return an error code from

drbd_al_begin_io_nonblock().

A latter call for the same request will then resume from where we left off.

NVD Source

Technical Analysis

CVE-2026-23356 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (6)

Quick Facts

CVE IDCVE-2026-23356
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23356 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.