PatchSiren cyber security CVE debrief
CVE-2026-23368 Linux CVE debrief
A Linux kernel vulnerability has been resolved, addressing an AB-BA deadlock issue when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled. The issue arises in the phy_led_triggers_register function during probe, which can cause a deadlock with LEDS_TRIGGER_NETDEV. Users of Linux kernel versions 4.16.1 to 6.18.17, and 7.0 rc1 to rc7, should review and apply patches. The vulnerability has a CVSS score of 5.5 and is related to a Linux kernel issue.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-07-14
Who should care
Users of Linux kernel versions 4.16.1 to 6.18.17, and 7.0 rc1 to rc7, should review and apply patches. Linux kernel maintainers and users with affected deployments should prioritize patching and verify the affected scope.
Technical summary
The vulnerability is caused by a deadlock between LED_TRIGGER_PHY and LEDS_TRIGGER_NETDEV. PHY LED triggers are registered during probe to avoid the AB-BA deadlock. The issue arises when LED_TRIGGER_PHY registers LED triggers during phy_attach while holding RTNL and then taking triggers_list_lock, and LEDS_TRIGGER_NETDEV takes triggers_list_lock and then RTNL. This can be resolved by registering phy_led_triggers during probe.
Defensive priority
Medium priority, as the vulnerability has a CVSS score of 5.5 and is related to a Linux kernel issue.
Recommended defensive actions
- Review and apply patches provided by the Linux kernel maintainers.
- Inventory and check for affected Linux kernel versions.
- Monitor for any potential exploit attempts.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-03-25T11:16:36.167Z and last modified on 2026-07-14T13:18:31.190Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify the affected scope and apply patches or mitigations accordingly.
Official resources
-
CVE-2026-23368 CVE record
CVE.org
-
CVE-2026-23368 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:36.167Z and has not been modified since then.