PT-2026-27711 · Linux · Linux Kernel

Published 2026-01-01 · Updated 2026-04-20 · CVE-2026-23346

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the ioremap_prot() function related to memory access permissions on the arm64 architecture. Specifically, the function incorrectly handles permission controls when creating user mappings, potentially leading to kernel reads from unreadable memory and system crashes on systems with Privileged Access Never (PAN). The issue arises because the function returns a new user mapping, which faults when accessed from the kernel. The fix extracts only the memory type from the user 'pgprot_t' in ioremap_prot() and asserts that a user mapping is being passed. The vulnerable code is called by generic_access_phys(), which is used in functions like environ_read() and vfs_read().

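A user-space model of the fix described above, as an added example and not the kernel's own code. The bit positions follow the arm64 stage-1 descriptor layout; MODEL_KERNEL_PROT and all function names are hypothetical, and PAN is modelled as "a kernel access to an EL0-accessible mapping faults".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* arm64 stage-1 descriptor bits used by this model */
#define PTE_ATTRINDX_MASK (UINT64_C(7) << 2) /* memory type (MAIR index) */
#define PTE_USER          (UINT64_C(1) << 6) /* AP[1]: accessible from EL0 */
#define PTE_RDONLY        (UINT64_C(1) << 7) /* AP[2]: read-only */
#define PTE_UXN           (UINT64_C(1) << 54)
/* Hypothetical kernel base protection: kernel-only, memory type index 0 */
#define MODEL_KERNEL_PROT PTE_UXN

/* With PAN enabled, a kernel load/store to an EL0-accessible page faults. */
static bool kernel_access_faults_with_pan(uint64_t prot)
{
    return (prot & PTE_USER) != 0;
}

/* Before the fix (model): the caller's user pgprot is reused as-is. */
static uint64_t model_ioremap_prot_before(uint64_t user_prot)
{
    return user_prot;
}

/* After the fix (model): require a user mapping, keep only its memory type. */
static int model_ioremap_prot_after(uint64_t user_prot, uint64_t *kernel_prot)
{
    if (!(user_prot & PTE_USER))
        return -1; /* caller did not pass a user mapping */
    *kernel_prot = (MODEL_KERNEL_PROT & ~PTE_ATTRINDX_MASK) |
                   (user_prot & PTE_ATTRINDX_MASK);
    return 0;
}

int main(void)
{
    /* Constructed sample: read-only user mapping, memory type index 2 */
    uint64_t user = PTE_USER | PTE_RDONLY | PTE_UXN | (UINT64_C(2) << 2);
    uint64_t fixed = 0;

    printf("before: faults=%d\n",
           kernel_access_faults_with_pan(model_ioremap_prot_before(user)));
    if (model_ioremap_prot_after(user, &fixed) == 0)
        printf("after:  faults=%d attrindx=%llu\n",
               kernel_access_faults_with_pan(fixed),
               (unsigned long long)((fixed & PTE_ATTRINDX_MASK) >> 2));
    return 0;
}
```
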
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2026-23346
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1

Affected Products

Linux Kernel