CVE-2026-23253
In the Linux kernel, the following vulnerability has been resolved:

media: dvb-core: fix wrong reinitialization of ringbuffer on reopen

dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the DVR device. dvb_ringbuffer_init() calls init_waitqueue_head(), which reinitializes the waitqueue list head to empty. Since dmxdev->dvr_buffer.queue is a shared waitqueue (all opens of the same DVR device share it), this orphans any existing waitqueue entries from io_uring poll or epoll, leaving them with stale prev/next pointers while the list head is reset to {self, self}.

The waitqueue and spinlock in dvr_buffer are already properly initialized once in dvb_dmxdev_init(). The open path only needs to reset the buffer data pointer, size, and read/write positions.

Replace the dvb_ringbuffer_init() call in dvb_dvr_open() with direct assignment of data/size and a call to dvb_ringbuffer_reset(), which properly resets pread, pwrite, and error with correct memory ordering without touching the waitqueue or spinlock.
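The list-state problem described above can be reproduced in a small userspace model. This is an added example, not code from the kernel or from the fix commits; `struct ringbuf`, `reopen_buggy`, `reopen_fixed`, `waiter_orphaned` and `second_open_orphans_waiter` are hypothetical names, and locking and memory barriers are left out.

```c
#include <stdio.h>
/* Userspace model of the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}

/* Simplified stand-in for struct dvb_ringbuffer (locking and barriers omitted). */
struct ringbuf {
    unsigned char *data;
    long size, pread, pwrite;
    int error;
    struct list_head queue;              /* models the shared waitqueue head */
};

/* One-time setup, as dvb_dmxdev_init() does for dvr_buffer. */
static void ringbuf_init(struct ringbuf *rb, unsigned char *data, long size) {
    rb->data = data; rb->size = size;
    rb->pread = rb->pwrite = 0; rb->error = 0;
    list_init(&rb->queue);               /* models init_waitqueue_head() */
}

/* Pre-fix open path: a full re-init, which also resets the queue head. */
static void reopen_buggy(struct ringbuf *rb, unsigned char *d, long n) { ringbuf_init(rb, d, n); }
/* Fixed open path: assign data/size, reset positions, leave the queue alone. */
static void reopen_fixed(struct ringbuf *rb, unsigned char *data, long size) {
    rb->data = data; rb->size = size;
    rb->pread = rb->pwrite = 0; rb->error = 0;   /* models dvb_ringbuffer_reset() */
}

/* 1 if the waiter still points at the head but the head is {self, self}. */
static int waiter_orphaned(struct ringbuf *rb, struct list_head *w) {
    return w->next == &rb->queue && w->prev == &rb->queue && rb->queue.next == &rb->queue;
}

/* First open registers a waiter (as poll/epoll would), then a second open happens. */
static int second_open_orphans_waiter(int fixed) {
    static unsigned char a[16], b[16];   /* constructed sample buffers */
    struct ringbuf rb; struct list_head waiter;
    ringbuf_init(&rb, a, sizeof a);
    list_add(&waiter, &rb.queue);
    if (fixed) reopen_fixed(&rb, b, sizeof b); else reopen_buggy(&rb, b, sizeof b);
    return waiter_orphaned(&rb, &waiter);
}
int main(void) {
    printf("buggy: %d fixed: %d\n", second_open_orphans_waiter(0), second_open_orphans_waiter(1));
    return 0;
}
```

In the buggy path the waiter's pointers still reference the head, but a walk from the head never reaches it, so a wake-up on the queue would miss that waiter and a later unlink would write through stale links.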
EPSS 0.03% · 8.4th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 2.6.17, 2.6.17, 2.6.17 |
| Linux | Linux | 34731df288a5ffe4b0c396caf8cd24c6a710a222, 34731df288a5ffe4b0c396caf8cd24c6a710a222, 34731df288a5ffe4b0c396caf8cd24c6a710a222 |
Exploit Intelligence
- CIRCL seen: CVE-2026-23253 (circl-sighting)
- https://git.kernel.org/stable/c/527cfa8a3486b3555c5c15e2f62be484a11398dc (circl)
- https://git.kernel.org/stable/c/fb378cf89be434ed1f10ab79cc4788fba8ae868d (circl)
- https://git.kernel.org/stable/c/f1e520ca2e83ece6731af6167c9e5e16931ecba0 (circl)
- https://git.kernel.org/stable/c/af050ab44fa1b1897a940d7d756e512232f5e5df (circl)
- https://git.kernel.org/stable/c/d71781bad59b1c9d60d7068004581f9bf19c0c9d (circl)
- https://git.kernel.org/stable/c/cfd94642025e6f71c8f754bdec0800ee95e4f3dd (circl)
Timeline
- Mar 18, 2026 CVE Published
- Mar 19, 2026 EPSS Score
- Mar 20, 2026 EPSS Score
- Mar 21, 2026 EPSS Score
- Mar 22, 2026 EPSS Score
- Mar 22, 2026 Coalition ESS Score
- Mar 23, 2026 EPSS Score
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- Mar 29, 2026 Security Advisory
- Mar 29, 2026 PoC Published
- Mar 31, 2026 Security Advisory
References
- https://git.kernel.org/stable/c/f1e520ca2e83ece6731af6167c9e5e16931ecba0 url
- https://git.kernel.org/stable/c/af050ab44fa1b1897a940d7d756e512232f5e5df url
- https://git.kernel.org/stable/c/d71781bad59b1c9d60d7068004581f9bf19c0c9d url
- https://git.kernel.org/stable/c/cfd94642025e6f71c8f754bdec0800ee95e4f3dd url
- https://git.kernel.org/stable/c/32eb8e4adc207ef31bc6e5ae56bab940b0176066 url
- https://git.kernel.org/stable/c/bfbc0b5b32a8f28ce284add619bf226716a59bc0 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-23253 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32748 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4438 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23347 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23268 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23392 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23319 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23253 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23296 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23364 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23368 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27654 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30922 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23286 advisory