bonding: annotate data-races around slave->last_rx — CVE-2026-23212

Summary

Advisory CVE-2026-23212. bonding: annotate data-races around slave->last_rx Vendor: Microsoft. Source: MSRC. Threat: medium. CVSS 5.5. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. CVE-2025-61145
• libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. CVE-2025-61143
• wcurl path traversal with percent-encoded slashes CVE-2025-11563
• crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly CVE-2026-23222
• erofs: fix UAF issue for file-backed mounts w/ directio option CVE-2026-23224
• hfs: ensure sb->s_fs_info is always cleaned up CVE-2025-71230
• ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths CVE-2026-23220
• Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure CVE-2026-2443
• mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free CVE-2026-1979
• nilfs2: Fix potential block overflow that cause system hang CVE-2025-71237
• Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing CVE-2026-2243
• riscv: trace: fix snapshot deadlock with sbi ecall CVE-2026-23217