Homepage

Missing Synchronization Affecting rv package, versions *

Severity

 Recommended
0.0
low
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.02% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL10-RV-15291809
  • published17 Feb 2026
  • disclosed14 Feb 2026
Report a new vulnerability Found a mistake?

Introduced: 14 Feb 2026

NewCVE-2026-23118  (opens in a new tab)
CWE-820  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:10 rv.

NVD Description

Note: Versions mentioned in the description apply only to the upstream rv package and not the rv package as distributed by RHEL. See How to fix? for RHEL:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix data-race warning and potential load/store tearing

Fix the following:

    BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet

which is reporting an issue with the reads and writes to ->last_tx_at in:

    conn->peer->last_tx_at = ktime_get_seconds();

and:

    keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;

The lockless accesses to these to values aren't actually a problem as the read only needs an approximate time of last transmission for the purposes of deciding whether or not the transmission of a keepalive packet is warranted yet.

Also, as ->last_tx_at is a 64-bit value, tearing can occur on a 32-bit arch.

Fix both of these by switching to an unsigned int for ->last_tx_at and only storing the LSW of the time64_t. It can then be reconstructed at need provided no more than 68 years has elapsed since the last transmission.

CVSS Base Scores

version 3.1