CVE-2026-23236

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The UFX IOCTL REPORT DAMAGE ioctl does not correctly copy data from user space to kernel space. Instead, it directly references the memory, which can lead to issues if invalid data is provided from user space. The issue is resolved by correctly copying the memory before accessing it within the kernel. The vulnerable ioctl involves direct memory referencing, potentially leading to kernel-level issues when handling user-supplied data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-78632

CVE-2026-23236

ECHO-D315-E755-ACCA

OPENSUSE-SU-2026:10387-1

OPENSUSE-SU-2026:20826-1

SUSE-SU-2026:21841-1

Affected Products

Linux Kernel

CVE-2026-23236

Related Identifiers

Affected Products

References · 61