CVE-2026-23094

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The uacce module, which supports device isolation, creates sysfs files if the driver implements the isolate err threshold read and isolate err threshold write callback functions. Users can read and configure the isolation policy through these sysfs files. Currently, sysfs files are created if either callback function is present. However, accessing a non-existent callback function can lead to a system crash. The issue is addressed by intercepting sysfs creation if neither read nor write callbacks exist, creating sysfs only if either is supported, and intercepting unsupported operations at the call site.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23094

OESA-2026-1566

OESA-2026-1567

OESA-2026-1570

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Linux Kernel

Ubuntu

CVE-2026-23094

Related Identifiers

Affected Products

References · 1849