CVE-2026-23222
Published: 18 February 2026
Summary
CVE-2026-23222 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2026-23222 is a vulnerability in the Linux kernel's crypto/omap subsystem, specifically in the omap_crypto_copy_sg_lists() function. The issue stems from an incorrect allocation of scatterlists when OMAP_CRYPTO_FORCE_COPY is used; the code allocated an array of scatterlist pointers rather than scatterlist objects, resulting in a buffer that is four times too small. This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could lead to high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data corruption, or denial of service within the kernel context.
Mitigation involves applying the relevant stable kernel patches referenced in the advisory, including commits such as 1562b1fb7e17c1b3addb15e125c718b2be7f5512, 2ed27b5a1174351148c3adbfc0cd86d54072ba2e, 31aff96a41ae6f1f1687c065607875a27c364da8, 6edf8df4bd29f7bfd245b67b2c31d905f1cfc14b, and 79f95b51d4278044013672c27519ae88d07013d8 from git.kernel.org. Systems using OMAP crypto acceleration should update to kernels incorporating these fixes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7679
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_sg_lists() was allocating an array of scatterlist pointers, not scatterlist objects, resulting in a 4x too small…
more
allocation. Use sizeof(*new_sg) to get the correct object size.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel buffer overflow in OMAP crypto subsystem directly enables privilege escalation via arbitrary code execution in kernel context (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely identification, prioritization, and patching of the Linux kernel flaw in omap_crypto_copy_sg_lists() causing 4x undersized scatterlist allocation as described in CVE-2026-23222.
Vulnerability scanning detects the presence of CVE-2026-23222 in Linux kernels with OMAP crypto acceleration, enabling proactive remediation.
Memory protection mechanisms mitigate exploitation of the buffer under-allocation vulnerability leading to kernel code execution or corruption.