CVE-2026-23317
Published: 25 March 2026
Summary
CVE-2026-23317 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 3.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires timely remediation of the specific Linux kernel flaw in vmw_translate_ptr functions through patching to prevent uninitialized pointer use and OOB accesses.
Mandates proper error handling in kernel components to ensure lookup failures are correctly propagated, avoiding false success returns that trigger the vulnerability.
Provides memory protection mechanisms that mitigate the effects of uninitialized memory dereferences and out-of-bounds accesses caused by the flawed pointer translation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local kernel vulnerability in vmwgfx enabling arbitrary code execution from low-privileged context via uninitialized pointer/OOB access, directly mapping to exploitation for privilege escalation.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code with the pointer becoming an out parameter. The error path when the lookup failed was not changed to reflect this change and the code continued to return the PTR_ERR of the now uninitialized pointer. This could cause the vmw_translate_ptr functions to return success when they actually failed causing further uninitialized and OOB accesses.
Deeper analysis
CVE-2026-23317 is a vulnerability in the Linux kernel's drm/vmwgfx driver, specifically affecting the vmw_translate_ptr functions. These functions originally used a lookup that returned a pointer; they were later switched to a lookup that returns an error code and passes the pointer back through an out parameter, but the error handling path was not adjusted accordingly. As a result, on lookup failure the functions returned the PTR_ERR value of a pointer that the lookup had never written. That value could indicate success even though the lookup failed, leading to further uninitialized memory use and out-of-bounds (OOB) accesses. The issue is classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.8.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N), as it requires only local access (AV:L) in an unchanged security scope (S:U). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data corruption, or system crashes through the mishandled pointer dereferences and OOB accesses in the vmwgfx DRM component.
Mitigation involves applying the upstream kernel patches referenced in the stable repository commits, including 149f028772fa2879d9316b924ce948a6a0877e45, 36cb28b6d303a81e6ed4536017090e85e0143e42, 5023ca80f9589295cb60735016e39fc5cc714243, 531f45589787799aa81b63e1e1f8e71db5d93dd1, and 7e55d0788b362c93660b80cc5603031bbbdefa98. Security practitioners should update affected Linux kernels, particularly those using the vmwgfx driver for VMware graphics support, and monitor for inclusion in stable releases post-publication on 2026-03-25.
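The error-path mistake described above, reduced to a userspace C sketch. This is an added example, not the vmwgfx source or the upstream patch: `demo_lookup`, `translate_buggy`, `translate_fixed`, `struct demo_bo` and the `stale` parameter are hypothetical names, and the fixed variant assumes the correction is to return the lookup's own error code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's PTR_ERR(): reinterpret a pointer as an errno. */
static long ptr_err(const void *p) { return (long)(intptr_t)p; }

struct demo_bo { int handle; };                 /* hypothetical object type */
static struct demo_bo demo_table[] = { {1}, {2} };

/* New-style lookup: status in the return value, object via *out.
 * On failure *out is left untouched, as the CVE description implies. */
static int demo_lookup(int handle, struct demo_bo **out)
{
    for (size_t i = 0; i < sizeof(demo_table) / sizeof(demo_table[0]); i++)
        if (demo_table[i].handle == handle) { *out = &demo_table[i]; return 0; }
    return -ESRCH;
}

/* 'stale' models whatever an uninitialized stack slot happens to hold,
 * passed explicitly so the demo is deterministic instead of undefined. */
static long translate_buggy(int handle, struct demo_bo *stale, struct demo_bo **res)
{
    struct demo_bo *bo = stale;
    if (demo_lookup(handle, &bo) != 0)
        return ptr_err(bo);      /* BUG: bo was never written by the lookup */
    *res = bo;
    return 0;
}

static long translate_fixed(int handle, struct demo_bo *stale, struct demo_bo **res)
{
    struct demo_bo *bo = stale;
    int ret = demo_lookup(handle, &bo);
    if (ret != 0)
        return ret;              /* propagate the lookup's own error code */
    *res = bo;
    return 0;
}

int main(void)
{
    struct demo_bo *res = NULL;
    printf("buggy: %ld\n", translate_buggy(99, NULL, &res));
    printf("fixed: %ld\n", translate_fixed(99, NULL, &res));
    return 0;
}
```

When the stale slot happens to hold zero, the buggy variant reports success for a handle that does not exist and leaves the caller's result pointer unset, which is the condition the NVD description says leads to the later uninitialized and OOB accesses.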
Details
- CWE(s)