CVE-2026-23187
Published: 14 February 2026
Summary
CVE-2026-23187 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 4.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-2 (Baseline Configuration).
Deeper analysis
CVE-2026-23187 is a vulnerability in the Linux kernel's pmdomain imx8m-blk-ctrl driver: the imx8m_blk_ctrl_remove() function accesses the bc->domains array out of range. The issue is classified under CWE-125 (Out-of-bounds Read) and affects systems running vulnerable Linux kernel versions that include this power domain controller for i.MX8M processors.
The vulnerability has a CVSS v3.1 base score of 7.1 (High), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. A local attacker with low privileges can exploit it with low complexity and no user interaction, potentially leading to high-impact confidentiality loss through unauthorized data disclosure and high-impact availability disruption via denial of service.
Mitigation is provided through upstream patches in the Linux kernel stable tree, as detailed in the following commits:
- https://git.kernel.org/stable/c/071159ff5c0bf2e5efff79501e23faf3775cbcd1
- https://git.kernel.org/stable/c/4390dcdabb5fca4647bf56a5a6b050bbdfa5760f
- https://git.kernel.org/stable/c/6bd8b4a92a901fae1a422e6f914801063c345e8d
- https://git.kernel.org/stable/c/7842b5dfcac888ece025a2321257d74b2264b099
- https://git.kernel.org/stable/c/eb54ce033b344b531b374496e68a2554b2b56b5a
Security practitioners should update to kernels incorporating these fixes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5855
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains

Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds kernel read enables local data disclosure from system memory and system/application exploitation for DoS.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of security-relevant kernel patches that eliminate the out-of-bounds read in imx8m_blk_ctrl_remove().
Enforces configuration settings that include application of vendor-supplied fixes for the vulnerable pmdomain driver.
Maintains an approved baseline that incorporates the patched imx8m-blk-ctrl code, preventing deployment of the flawed version.