PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23368 Linux CVE debrief

A Linux kernel vulnerability has been resolved, addressing an AB-BA deadlock issue when both LEDS_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled. The issue arises in the phy_led_triggers_register function during probe, which can cause a deadlock with LEDS_TRIGGER_NETDEV. Users of Linux kernel versions 4.16.1 to 6.18.17, and 7.0 rc1 to rc7, should review and apply patches. The vulnerability has a CVSS score of 5.5 and is related to a Linux kernel issue.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-07-14
Advisory published
2026-03-25
Advisory updated
2026-07-14

Who should care

Users of Linux kernel versions 4.16.1 to 6.18.17, and 7.0 rc1 to rc7, should review and apply patches. Linux kernel maintainers and users with affected deployments should prioritize patching and verify the affected scope.

Technical summary

The vulnerability is caused by a deadlock between LED_TRIGGER_PHY and LEDS_TRIGGER_NETDEV. PHY LED triggers are registered during probe to avoid the AB-BA deadlock. The issue arises when LED_TRIGGER_PHY registers LED triggers during phy_attach while holding RTNL and then taking triggers_list_lock, and LEDS_TRIGGER_NETDEV takes triggers_list_lock and then RTNL. This can be resolved by registering phy_led_triggers during probe.

Defensive priority

Medium priority, as the vulnerability has a CVSS score of 5.5 and is related to a Linux kernel issue.

Recommended defensive actions

  • Review and apply patches provided by the Linux kernel maintainers.
  • Inventory and check for affected Linux kernel versions.
  • Monitor for any potential exploit attempts.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-03-25T11:16:36.167Z and last modified on 2026-07-14T13:18:31.190Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify the affected scope and apply patches or mitigations accordingly.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:36.167Z and has not been modified since then.