Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

DEBIAN-CVE-2026-23175

In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndo_set_rx_mode callback in a work queue Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBER...
Back to all
CVE

DEBIAN-CVE-2026-23175

In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndo_set_rx_mode callback in a work queue Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBER...

In the Linux kernel, the following vulnerability has been resolved:  net: cpsw: Execute ndosetrxmode callback in a work queue  Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP.") removed the RTNL lock for IPV6ADDMEMBERSHIP and MCASTJOINGROUP operations. However, this change triggered the following call trace on my BeagleBone Black board:   WARNING: net/8021q/vlancore.c:236 at vlanforeach+0x120/0x124, CPU#0: rpcbind/481   RTNL: assertion failed at net/8021q/vlancore.c (236)   Modules linked in:   CPU: 0 UID: 997 PID: 481 Comm: rpcbind Not tainted 6.19.0-rc7-next-20260130-yocto-standard+ #35 PREEMPT   Hardware name: Generic AM33XX (Flattened Device Tree)   Call trace:    unwindbacktrace from showstack+0x28/0x2c    showstack from dumpstacklvl+0x30/0x38    dumpstacklvl from warn+0xb8/0x11c    warn from warnslowpathfmt+0x130/0x194    warnslowpathfmt from vlanforeach+0x120/0x124    vlanforeach from cpswaddmcaddr+0x54/0x98    cpswaddmcaddr from hwaddrrefsyncdev+0xc4/0xec    hwaddrrefsyncdev from devmcadd+0x78/0x88    devmcadd from igmp6groupadded+0x84/0xec    igmp6groupadded from ipv6devmcinc+0x1fc/0x2f0    ipv6devmcinc from ipv6sockmcjoin+0x124/0x1b4    ipv6sockmcjoin from doipv6setsockopt+0x84c/0x1168    doipv6setsockopt from ipv6setsockopt+0x88/0xc8    ipv6setsockopt from dosocksetsockopt+0xe8/0x19c    dosocksetsockopt from syssetsockopt+0x84/0xac    syssetsockopt from retfastsyscall+0x0/0x54  This trace occurs because vlanforeach() is called within cpswndosetrxmode(), which expects the RTNL lock to be held. Since modifying vlanforeach() to operate without the RTNL lock is not straightforward, and because ndosetrxmode() is invoked both with and without the RTNL lock across different code paths, simply adding rtnllock() in cpswndosetrxmode() is not a viable solution.  To resolve this issue, we opt to execute the actual processing within a work queue, following the approach used by the icssg-prueth driver.  Please note: To reproduce this issue, I manually reverted the changes to am335x-bone-common.dtsi from commit c477358e66a3 ("ARM: dts: am335x-bone: switch to new cpsw switch drv") in order to revert to the legacy cpsw driver.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
-
C
H
U
0
-
3.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
C
H
U
-

Related Resources

No items found.

References

https://security-tracker.debian.org/tracker/CVE-2026-23175

Severity

7

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
7
EPSS Probability
0%
EPSS Percentile
0%
Introduced Version
0
Fix Available
6.18.10-1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading