CVE-2026-23156

HIGH EPSS 2.2%
Published Feb 14, 20264mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 14, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get().

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥6.0  –  <6.1.162
linuxlinux_kernel*≥6.2  –  <6.6.123
linuxlinux_kernel*≥6.7  –  <6.12.69
linuxlinux_kernel*≥6.13  –  <6.18.9
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16
    Patch