Cyber Resilience

CVE-2026-23222

HighUpdated

Published: 18 February 2026

Published
18 February 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23222 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-23222 is a vulnerability in the Linux kernel's crypto/omap subsystem, specifically in the omap_crypto_copy_sg_lists() function. The issue stems from an incorrect allocation of scatterlists when OMAP_CRYPTO_FORCE_COPY is used; the code allocated an array of scatterlist pointers rather than scatterlist objects, resulting in a buffer that is four times too small. This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could lead to high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data corruption, or denial of service within the kernel context.

Mitigation involves applying the relevant stable kernel patches referenced in the advisory, including commits such as 1562b1fb7e17c1b3addb15e125c718b2be7f5512, 2ed27b5a1174351148c3adbfc0cd86d54072ba2e, 31aff96a41ae6f1f1687c065607875a27c364da8, 6edf8df4bd29f7bfd245b67b2c31d905f1cfc14b, and 79f95b51d4278044013672c27519ae88d07013d8 from git.kernel.org. Systems using OMAP crypto acceleration should update to kernels incorporating these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_sg_lists() was allocating an array of scatterlist pointers, not scatterlist objects, resulting in a 4x too small…

more

allocation. Use sizeof(*new_sg) to get the correct object size.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel buffer overflow in OMAP crypto subsystem directly enables privilege escalation via arbitrary code execution in kernel context (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.13 — 5.10.251 · 5.11 — 5.15.201 · 5.16 — 6.1.164

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely identification, prioritization, and patching of the Linux kernel flaw in omap_crypto_copy_sg_lists() causing 4x undersized scatterlist allocation as described in CVE-2026-23222.

prevent

Vulnerability scanning detects the presence of CVE-2026-23222 in Linux kernels with OMAP crypto acceleration, enabling proactive remediation.

prevent

Memory protection mechanisms mitigate exploitation of the buffer under-allocation vulnerability leading to kernel code execution or corruption.

References