Improper Resource Locking Affecting rv package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL10-RV-15218005
- published5 Feb 2026
- disclosed4 Feb 2026
Introduced: 4 Feb 2026
CVE-2026-23103 (opens in a new tab)How to fix?
There is no fixed version for RHEL:10 rv.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rv package and not the rv package as distributed by RHEL.
See How to fix? for RHEL:10 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: Make the addrs_lock be per port
Make the addrs_lock be per port, not per ipvlan dev.
Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. So
Introduce per-port addrs_lock.
It was needed to fix places where it was forgotten to take lock (ipvlan_open/ipvlan_close)
This appears to be a very minor problem though. Since it's highly unlikely that ipvlan_add_addr() will be called on 2 CPU simultaneously. But nevertheless, this could cause:
False-negative of ipvlan_addr_busy(): one interface iterated through all port->ipvlans + ipvlan->addrs under some ipvlan spinlock, and another added IP under its own lock. Though this is only possible for IPv6, since looks like only ipvlan_addr6_event() can be called without rtnl_lock.
Race since ipvlan_ht_addr_add(port) is called under different ipvlan->addrs_lock locks
This should not affect performance, since add/remove IP is a rare situation and spinlock is not taken on fast paths.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2436771
- https://access.redhat.com/security/cve/CVE-2026-23103
- https://git.kernel.org/stable/c/04ba6de6eff61238e5397c14ac26a6578c7735a5
- https://git.kernel.org/stable/c/1f300c10d92c547c3a7d978e1212ff52f18256ed
- https://git.kernel.org/stable/c/6a81e2db096913d7e43aada1c350c1282e76db39
- https://git.kernel.org/stable/c/d3ba32162488283c0a4c5bedd8817aec91748802
- https://git.kernel.org/stable/c/3c149b662cbb202a450e81f938e702ba333864ad
- https://git.kernel.org/stable/c/70feb16e3fbfb10b15de1396557c38e99f1ab8df
- https://git.kernel.org/stable/c/88f83e6c9cdb46b8c8ddd0ba01393362963cf589