Bug 2436784 (CVE-2026-23106)

Summary: CVE-2026-23106 kernel: timekeeping: Adjust the leap state for the correct auxiliary timekeeper
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: grannygame.org
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A locking violation was found in the Linux kernel's timekeeping subsystem. The __do_adjtimex() function incorrectly references tk_core instead of the passed auxiliary timekeeper when adjusting leap second state. This causes the core timekeeper's sequence lock to be written without holding its associated spinlock, violating the seqlock protocol and triggering lock debugging warnings.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-02-04 17:03:13 UTC 
In the Linux kernel, the following vulnerability has been resolved:

timekeeping: Adjust the leap state for the correct auxiliary timekeeper

When __do_ajdtimex() was introduced to handle adjtimex for any
timekeeper, this reference to tk_core was not updated. When called on an
auxiliary timekeeper, the core timekeeper would be updated incorrectly.

This gets caught by the lock debugging diagnostics because the
timekeepers sequence lock gets written to without holding its
associated spinlock:

WARNING: include/linux/seqlock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125
aux_clock_adj (kernel/time/timekeeping.c:2979)
__do_sys_clock_adjtime (kernel/time/posix-timers.c:1161 kernel/time/posix-timers.c:1173)
do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)

Update the correct auxiliary timekeeper.
Comment 1 Jon Moroney 2026-02-04 23:47:39 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23106-3edb@gregkh/T
Comment 3 Octavia 2026-02-07 04:41:13 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23106- https://poly-track.io