PT-2026-27692 · Linux · Linux Kernel

Published: 2026-01-01 · Updated: 2026-04-20 · CVE-2026-23327

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.19.0

Description

The Linux kernel contains a flaw in the cxl/mbox subsystem. Specifically, the cxl_payload_from_user_allowed() function casts and dereferences input payload data without first verifying its size. This can lead to a read-access violation when a raw mailbox command is sent with an undersized payload, such as a 1-byte payload for an operation expecting a 16-byte UUID. This results in reading past the allocated buffer, triggering a kernel memory safety issue.

Recommendations

Update to Linux kernel version 6.19.0 or later.
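
The missing size check described above, modelled in user-space C as an added example; it is not the kernel's code or the actual patch. The opcode values, function names, reference UUID and sample payloads are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_LEN 16 /* a UUID is 16 bytes, as in the advisory's example */

/* Hypothetical opcodes and reference UUID, constructed for this example. */
enum { OP_TAKES_UUID = 1, OP_OTHER = 2 };
const uint8_t restricted_uuid[UUID_LEN] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };

/* Constructed sample payloads: 1 byte (undersized) and 16 bytes (well-formed). */
const uint8_t sample_short[1] = { 0 };
const uint8_t sample_full[UUID_LEN] = { 0xaa };

/* Unchecked pattern: no length is passed in, so the comparison always reads
 * UUID_LEN bytes. With sample_short that is 15 bytes past the buffer. */
bool allowed_unchecked(int opcode, const void *payload)
{
    if (opcode == OP_TAKES_UUID)
        return memcmp(payload, restricted_uuid, UUID_LEN) != 0;
    return true;
}

/* Checked pattern: the size travels with the pointer and is validated
 * before the payload is interpreted as a UUID. */
bool allowed_checked(int opcode, const void *payload, size_t in_size)
{
    if (opcode != OP_TAKES_UUID)
        return true;              /* this opcode's payload is not inspected */
    if (payload == NULL || in_size < UUID_LEN)
        return false;             /* undersized: reject without reading it */
    return memcmp(payload, restricted_uuid, UUID_LEN) != 0;
}

int main(void)
{
    /* allowed_unchecked() is only called with a full-size buffer here. */
    printf("unchecked, 16 bytes: %d\n", allowed_unchecked(OP_TAKES_UUID, sample_full));
    printf("checked,    1 byte : %d\n", allowed_checked(OP_TAKES_UUID, sample_short, sizeof(sample_short)));
    printf("checked,   16 bytes: %d\n", allowed_checked(OP_TAKES_UUID, sample_full, sizeof(sample_full)));
    return 0;
}
```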

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-23327

Affected Products

Linux Kernel