Strobes VIStrobes VI
CVE DatabaseThreat ActorsResearchAdvisoryAPI Docs
Visit Strobes.coSign Up for Strobes
CVE DatabaseThreat ActorsResearchAdvisoryAPI Docs
Tools
KB Lookup
Visit Strobes.coSign Up for Strobes
HomeCVEs

Do you like the insights?

Strobes vulnerability intelligence is a key component of their Exposure Management platform that helps organizations understand, prioritize, and address security vulnerabilities more effectively.

© 2026 Strobes Security. All rights reserved.
HomeCVEsCVE-2026-23118

CVE-2026-23118

Published: March 12, 2026
Last updated:15 hours ago (March 12, 2026)
Exploit: NoZero-day: NoPatch: YesTrend: Neutral
TL;DR
Updated March 12, 2026

CVE-2026-23118 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.

Key Points
  • 1Low severity (CVSS 0.0/10)
  • 2No known public exploits
  • 3Vendor patches are available
Severity Scores
CVSS v30.0
CVSS v20.0
Priority Score0.0
EPSS Score0.0
None
Exploitation LikelihoodMinimal
0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow
0.00%
EPSS
0.0
CVSS
No
Exploit
Yes
Patch
Low Priority
no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix data-race warning and potential load/store tearing

Fix the following:

    BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet

which is reporting an issue with the reads and writes to ->last_tx_at in:

    conn->peer->last_tx_at = ktime_get_seconds();

and:

    keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;

The lockless accesses to these to values aren't actually a problem as the read only needs an approximate time of last transmission for the purposes of deciding whether or not the transmission of a keepalive packet is warranted yet.

Also, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit arch.

Fix both of these by switching to an unsigned int for ->last_tx_at and only storing the LSW of the time64_t. It can then be reconstructed at need provided no more than 68 years has elapsed since the last transmission.

CVSS v3 Breakdown
Attack Vector:-
Attack Complexity:-
Privileges Required:-
User Interaction:-
Scope:-
Confidentiality:-
Integrity:-
Availability:-
Trend Analysis
Neutral
Advisories
GitHub AdvisoryNVD
Cite This Page
APA Format
Strobes VI. (2026). CVE-2026-23118 - CVE Details and Analysis. Strobes VI. Retrieved March 12, 2026, from https://vi.strobes.co/cve/CVE-2026-23118
Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.