Cyber Resilience

CVE-2026-23156

Severity: High

Published: 14 February 2026
Modified: 18 March 2026
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23156 is a high-severity vulnerability (weakness type unspecified) in the Linux kernel. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). By exploit likelihood it ranks at the 4.8th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23156 is a vulnerability in the Linux kernel's efivarfs filesystem implementation, specifically within the efivar_entry_get() function. This function fails to propagate errors from the underlying __efivar_entry_get() call, always returning success even on failure. As a result, uninitialized heap memory can be copied to userspace through the efivarfs_file_read() path.

The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a local attack vector with low complexity that requires low privileges. A local attacker with standard user privileges can exploit it by triggering reads on efivarfs entries, potentially leaking sensitive uninitialized kernel heap data, corrupting user-space memory, or causing denial of service through invalid data exposure.

Mitigation involves applying the upstream kernel patches referenced in the stable repository commits, such as those at https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42 and similar fixes, which correct the error propagation by having efivar_entry_get() return the error from __efivar_entry_get(). Security practitioners should update affected Linux kernels to versions incorporating these commits.
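A simplified model of the flawed and corrected wrappers, added here as an illustration and not the kernel's own code. The variable store, the name "Boot0000", the 16-byte buffer and the 0xAA fill are constructed assumptions; the point it shows is that a dropped return value lets a pre-allocated buffer reach the caller unfilled, while propagating the error stops the copy.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
typedef int (*getter_fn)(const char *, unsigned char *, size_t *);

/* Hypothetical EFI variable store: only the constructed name "Boot0000"
 * exists; other names fail with -ENOENT and leave the buffer untouched. */
static int backend_entry_get(const char *name, unsigned char *data, size_t *size)
{
    static const unsigned char boot0000[] = { 0x01, 0x00, 0x00, 0x00 };
    if (strcmp(name, "Boot0000") != 0)
        return -ENOENT;
    memcpy(data, boot0000, sizeof boot0000);
    *size = sizeof boot0000;
    return 0;
}

/* Flawed pattern the CVE describes: backend result discarded, success reported. */
static int entry_get_buggy(const char *name, unsigned char *data, size_t *size)
{
    backend_entry_get(name, data, size);
    return 0;
}

/* Corrected pattern: the backend's error reaches the caller. */
static int entry_get_fixed(const char *name, unsigned char *data, size_t *size)
{
    return backend_entry_get(name, data, size);
}

/* Models the read path: a 16-byte buffer, pre-filled with 0xAA to stand in for
 * stale heap contents, is handed to the wrapper and copied to the caller only
 * on reported success. Returns bytes copied or a negative errno. */
static long file_read(getter_fn get, const char *name, unsigned char *out, size_t out_len)
{
    unsigned char kbuf[16];
    size_t size = sizeof kbuf;   /* size is known before the get, as in efivarfs */
    memset(kbuf, 0xAA, sizeof kbuf);
    int err = get(name, kbuf, &size);
    if (err) return err;         /* only the fixed wrapper ever takes this branch */
    if (size > out_len) size = out_len;
    memcpy(out, kbuf, size);
    return (long)size;
}

/* First byte the caller receives, or -1 when the read failed. */
static int first_byte(getter_fn get, const char *name)
{
    unsigned char out[16] = { 0 };
    return file_read(get, name, out, sizeof out) < 0 ? -1 : out[0];
}
```

With the buggy wrapper a lookup of a missing name still returns 16 bytes of the 0xAA fill to the caller; with the fixed wrapper the same lookup fails with -ENOENT and nothing is copied.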

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get(). efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get().

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Kernel info leak via efivarfs read enables local data exfiltration from kernel memory (T1005) and facilitates privilege escalation via leaked addresses/data (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31614 (same product: Linux kernel)
CVE-2024-57943 (same product: Linux kernel)
CVE-2026-23235 (same product: Linux kernel)
CVE-2026-31697 (same product: Linux kernel)
CVE-2026-31698 (same product: Linux kernel)
CVE-2025-71152 (same product: Linux kernel)
CVE-2026-23111 (same product: Linux kernel)
CVE-2024-57910 (same product: Linux kernel)
CVE-2026-31530 (same product: Linux kernel)
CVE-2026-23387 (same product: Linux kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: 6.19 · 6.0 to 6.1.162 · 6.2 to 6.6.123 · 6.7 to 6.12.69

Mitigating Controls (NIST 800-53 r5, AI)

SI-2 Flaw Remediation, prevent: Directly mitigates the vulnerability by requiring timely remediation of the specific error propagation flaw in efivar_entry_get() through kernel patching.

SI-11 Error Handling, prevent: Addresses the root cause by mandating proper error handling so that failures from __efivar_entry_get() are not masked, avoiding exposure of uninitialized heap memory to userspace.

Control not named on this page, prevent: Prevents unauthorized transfer of uninitialized kernel heap memory to userspace via the shared efivarfs filesystem resource.
