Cyber Resilience

CVE-2026-23236

Severity: High

Published: 04 March 2026
Modified: 02 June 2026
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
EPSS Score: 0.0001 (1.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23236 is a high-severity vulnerability in the Linux kernel; its weakness class is unspecified. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-39 (Process Isolation).

Deeper analysis

CVE-2026-23236 affects the Linux kernel's fbdev smscufx driver. The vulnerability stems from the UFX_IOCTL_REPORT_DAMAGE ioctl, which does not copy its argument from userspace to kernelspace and instead directly references the user-supplied memory. This can cause problems when invalid data is passed from userspace. The CVE has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H); NVD provides no CWE classification for it.

A local attacker with low privileges can exploit this vulnerability with a low-complexity attack that requires no user interaction. Exploitation could lead to low confidentiality impact, high integrity impact, and high availability impact, potentially allowing memory corruption or denial of service due to mishandling of invalid user data.

Mitigation requires applying upstream Linux kernel patches that correctly copy the ioctl memory to kernelspace before kernel access. Fixes are available in the stable kernel tree via commits such as 061cfeb560aa3ddc174153dbe5be9d0b55eb7248, 0634e8d650993602fc5b389ff7ac525f6542e141, 120adae7b42faa641179270c067864544a50ab69, 1c008ad0f0d1c1523902b9cdb08e404129677bfc, and 52917e265aa5f848212f60fc50fc504d8ef12866, accessible at git.kernel.org/stable.


Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: properly copy ioctl memory to kernelspace

The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Local kernel ioctl vulnerability enabling memory corruption for privilege escalation from low-privileged user.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152 · Same product: Linux Linux Kernel
CVE-2026-23111 · Same product: Linux Linux Kernel
CVE-2026-31530 · Same product: Linux Linux Kernel
CVE-2026-23387 · Same product: Linux Linux Kernel
CVE-2025-21856 · Same product: Linux Linux Kernel
CVE-2025-21727 · Same product: Linux Linux Kernel
CVE-2026-23275 · Same product: Linux Linux Kernel
CVE-2026-31401 · Same product: Linux Linux Kernel
CVE-2024-57980 · Same product: Linux Linux Kernel
CVE-2026-23437 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
3.2 — 5.10.251 · 5.11 — 5.15.201 · 5.16 — 6.1.164
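
A host triage check built from the version ranges listed above and the smscufx module name, as an added example that is not part of the original advisory or the kernel project. The page does not say whether the range bounds are inclusive, so this script treats them as inclusive; the function names and triage labels are this example's own.

```shell
#!/bin/sh
# Added example: triage one host for CVE-2026-23236 exposure.
# Ranges are the page's "Affected Assets" list; bounds treated as inclusive (assumption).
AFFECTED_RANGES="3.2:5.10.251 5.11:5.15.201 5.16:6.1.164"

# kernel_base "6.1.90-1-amd64" prints "6.1.90" (drops distro suffixes)
kernel_base() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//'
}

# ver_le A B: succeeds when A <= B in version order (needs sort -V, GNU coreutils)
ver_le() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# version_listed RELEASE: succeeds when RELEASE falls inside a listed range
version_listed() {
    v=$(kernel_base "$1")
    for r in $AFFECTED_RANGES; do
        if ver_le "${r%%:*}" "$v" && ver_le "$v" "${r##*:}"; then return 0; fi
    done
    return 1
}

# driver_state: prints loaded, installed or absent for the smscufx module
driver_state() {
    if grep -q '^smscufx ' /proc/modules 2>/dev/null; then echo loaded
    elif modinfo smscufx >/dev/null 2>&1; then echo installed
    else echo absent
    fi
}

# classify RELEASE STATE: prints a triage label (labels are this example's own)
classify() {
    if [ "$2" = absent ]; then echo driver-absent
    elif version_listed "$1"; then echo review-patch-level
    else echo version-not-listed
    fi
}

echo "kernel=$(uname -r) smscufx=$(driver_state) -> $(classify "$(uname -r)" "$(driver_state)")"
```

A result of `review-patch-level` means the vendor advisory still has to be checked, because distribution kernels can carry the fix under an unchanged upstream version number. A driver compiled into the kernel image does not appear in `/proc/modules`, so `driver-absent` only covers the modular build.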

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires validation and safe copying of untrusted userspace data supplied to the UFX_IOCTL_REPORT_DAMAGE ioctl before kernel use.

prevent

Enforces isolation between user processes and kernel address space, blocking direct memory references that enable the reported corruption/DoS.

prevent

Applies memory-protection mechanisms that limit the integrity and availability impact when invalid user pointers are dereferenced inside the smscufx driver.
