Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux kernel FireWire driver: Data corruption or crash on concurrent access
CVE-2026-23153
Summary
A software bug in the Linux kernel's FireWire driver could cause data corruption or a system crash when multiple processes access the same FireWire connection at the same time. This issue has been fixed in an update to the Linux kernel. Linux users should update their kernel to the latest version to ensure they have the fix.
Original title
In the Linux kernel, the following vulnerability has been resolved:
firewire: core: fix race condition against transaction list
The list of transaction is enumerated without acquiring card lock w...
Original description
In the Linux kernel, the following vulnerability has been resolved:
firewire: core: fix race condition against transaction list
The list of transaction is enumerated without acquiring card lock when
processing AR response event. This causes a race condition bug when
processing AT request completion event concurrently.
This commit fixes the bug by put timer start for split transaction
expiration into the scope of lock. The value of jiffies in card structure
is referred before acquiring the lock.
firewire: core: fix race condition against transaction list
The list of transaction is enumerated without acquiring card lock when
processing AR response event. This causes a race condition bug when
processing AT request completion event concurrently.
This commit fixes the bug by put timer start for split transaction
expiration into the scope of lock. The value of jiffies in card structure
is referred before acquiring the lock.
Published: 14 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026