CVE-2026-23106

MEDIUM

Linux Kernel 6.17-6.18.7 - Timekeeping Leap State Manipulation via Auxiliary Timekeeper

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated. When called on an auxiliary timekeeper, the core timekeeper would be updated incorrectly. This gets caught by the lock debugging diagnostics because the timekeepers sequence lock gets written to without holding its associated spinlock: WARNING: include/linux/seqlock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125 aux_clock_adj (kernel/time/timekeeping.c:2979) __do_sys_clock_adjtime (kernel/time/posix-timers.c:1161 kernel/time/posix-timers.c:1173) do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) Update the correct auxiliary timekeeper.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/8f7c9dbeaa0be5810e44d323735967d3dba9239d

Patch

https://git.kernel.org/stable/c/e806f7dde8ba28bc72a7a0898589cac79f6362ac

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (9)

linux/Kernel 6.17.0 - 6.18.8linux

Linux/Linux < 6.17

Linux/Linux 6.17

Linux/Linux 6.18.8 - 6.18.*

Linux/Linux 6.19

Linux/Linux 775f71ebedd382da390dc16a4c28cffa5b937f79 - 8f7c9dbeaa0be5810e44d323735967d3dba9239d

Linux/Linux 775f71ebedd382da390dc16a4c28cffa5b937f79 - e806f7dde8ba28bc72a7a0898589cac79f6362ac

linux/linux_kernel 6.19 rc1 (6 CPE variants)

linux/linux_kernel 6.17 - 6.18.8

Published Feb 04, 2026

Tracked Since Feb 18, 2026