CVE-2026-23156

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Linux kernel where the efivar entry get() function does not properly propagate errors from the efivar entry get() function. This can lead to uninitialized heap memory being copied to user space through the efivarfs file read() path. The root cause is that efivar entry get() always returns success, even when efivar entry get() fails, effectively masking errors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALSA-2026:4012

CVE-2026-23156

OESA-2026-1760

OPENSUSE-SU-2026:20416-1

RHSA-2026:4012

RHSA-2026:9095

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8278-2

USN-8289-1

USN-8289-2

USN-8296-1

USN-8296-2

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23156

Related Identifiers

Affected Products

References · 1926