Cyber Posture

CVE-2026-23156

High

Published: 14 February 2026

Modified: 18 March 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23156 is a high-severity vulnerability of unspecified weakness type in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 4.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the vulnerability by requiring timely remediation of the specific error propagation flaw in efivar_entry_get() through kernel patching.

prevent

Addresses the root cause by mandating proper error handling to prevent masking of failures from __efivar_entry_get(), avoiding uninitialized heap memory exposure to userspace.

prevent

Prevents unauthorized transfer of uninitialized kernel heap memory to userspace via the shared efivarfs filesystem resource.

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Kernel info leak via efivarfs read enables local data exfiltration from kernel memory (T1005) and facilitates privilege escalation via leaked addresses/data (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: fix error propagation in efivar_entry_get()

efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get().

Deeper analysis

CVE-2026-23156 is a vulnerability in the Linux kernel's efivarfs filesystem implementation, specifically within the efivar_entry_get() function. This function fails to propagate errors from the underlying __efivar_entry_get() call, always returning success even on failure. As a result, uninitialized heap memory can be copied to userspace through the efivarfs_file_read() path.

The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a local attack vector with low complexity that requires low privileges. A local attacker with standard user privileges can exploit it by triggering reads on efivarfs entries, potentially leaking sensitive uninitialized kernel heap data, corrupting user-space memory, or causing denial of service through invalid data exposure.

Mitigation involves applying the upstream kernel patches referenced in the stable repository commits, such as those at https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42 and similar fixes, which correct the error propagation by having efivar_entry_get() return the error from __efivar_entry_get(). Security practitioners should update affected Linux kernels to versions incorporating these commits.
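The error-masking pattern described above, as a simplified userspace model added here for illustration; it is not the kernel's code or the upstream patch. The names inner_get, entry_get, model_read and count_stale, the STALE fill byte and the buffer contents are constructed for the example, with the buffer pre-filled so that "uninitialized" memory is deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xA5 /* constructed stand-in for leftover heap contents */
/* Model of the inner getter: on failure it leaves data untouched. */
static int inner_get(int fail, unsigned char *data, size_t *size)
{
    if (fail) return -EIO;
    memset(data, 0x11, *size); /* constructed "variable contents" */
    return 0;
}
/* Wrapper: fixed=0 drops the inner error (the flaw), fixed=1 returns it. */
static int entry_get(int fixed, int fail, unsigned char *data, size_t *size)
{
    int err = inner_get(fail, data, size);
    return fixed ? err : 0;
}
/* Model of the read path: returns bytes copied or a negative errno. */
long model_read(int fixed, int fail, unsigned char *user, size_t len)
{
    unsigned char *buf = malloc(len);
    long ret;
    if (!buf) return -ENOMEM;
    memset(buf, STALE, len); /* make "uninitialized" deterministic */
    ret = entry_get(fixed, fail, buf, &len);
    if (ret == 0) { /* copy out only when success is reported */
        memcpy(user, buf, len);
        ret = (long)len;
    }
    free(buf);
    return ret;
}
/* Count stale bytes that reached the caller's buffer. */
size_t count_stale(const unsigned char *p, size_t len)
{
    size_t n = 0;
    while (len--) n += (p[len] == STALE);
    return n;
}
int main(void)
{
    unsigned char a[16] = {0}, b[16] = {0};
    long ra = model_read(0, 1, a, 16), rb = model_read(1, 1, b, 16);
    printf("flawed: ret=%ld stale=%zu\n", ra, count_stale(a, 16));
    printf("fixed:  ret=%ld stale=%zu\n", rb, count_stale(b, 16));
    return 0;
}
```

With the error dropped, the read path reports a full-length successful read whose bytes were never written by the getter; with the error returned, the caller sees the failure and nothing is copied.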

Details

CWE(s)

Affected Products

linux
linux kernel
6.19 · 6.0 — 6.1.162 · 6.2 — 6.6.123 · 6.7 — 6.12.69

CVEs Like This One

CVE-2024-57943 (Same product: Linux Linux Kernel)
CVE-2026-31614 (Same product: Linux Linux Kernel)
CVE-2026-31697 (Same product: Linux Linux Kernel)
CVE-2026-23235 (Same product: Linux Linux Kernel)
CVE-2026-31698 (Same product: Linux Linux Kernel)
CVE-2026-31694 (Same product: Linux Linux Kernel)
CVE-2026-31641 (Same product: Linux Linux Kernel)
CVE-2026-31663 (Same product: Linux Linux Kernel)
CVE-2024-57907 (Same product: Linux Linux Kernel)
CVE-2026-23336 (Same product: Linux Linux Kernel)
