Cyber Resilience

CVE-2026-23317

High

Published: 25 March 2026
Modified: 23 April 2026
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23317 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 4.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-23317 is a vulnerability in the Linux kernel's drm/vmwgfx driver, specifically affecting the vmw_translate_ptr functions. An earlier change switched these functions from a lookup that returned a pointer to one that returns an error code with the pointer as an out parameter, but the error-handling path was not adjusted to match. On lookup failure the functions kept returning the PTR_ERR value of the now uninitialized pointer, which could report success for a failed lookup and lead to further uninitialized memory use and out-of-bounds (OOB) accesses. The issue is classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.8.
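The error-path mistake described above, modelled in userspace C as an added example. It is not the kernel's vmwgfx code: `struct res`, `lookup`, `translate_buggy`, `translate_fixed` and `stale` are hypothetical names, and `PTR_ERR` is a simplified stand-in for the kernel macro.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct res { int id; };                     /* hypothetical resource type */
static struct res table[] = { {1}, {2} };   /* constructed sample data */

#define PTR_ERR(p) ((long)(p))              /* simplified stand-in for the kernel macro */

/* New-style lookup: returns an error code; the pointer is an out parameter
 * that is left untouched on failure. */
static int lookup(int id, struct res **out)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].id == id) { *out = &table[i]; return 0; }
    return -ENOENT;
}

/* Stands in for leftover stack contents so the run is deterministic; reading
 * a truly uninitialized local is undefined behaviour. NULL is one possible
 * leftover value (assumption made for this model). */
static struct res *stale = NULL;

static int translate_buggy(int id, struct res **out)
{
    struct res *r = stale;
    int ret = lookup(id, &r);
    if (ret != 0)
        return (int)PTR_ERR(r);   /* old error path: inspects r, which lookup never set */
    *out = r;
    return 0;
}

static int translate_fixed(int id, struct res **out)
{
    struct res *r = NULL;
    int ret = lookup(id, &r);
    if (ret != 0)
        return ret;               /* propagate the lookup's own error code */
    *out = r;
    return 0;
}

int main(void)
{
    struct res *p = NULL;
    printf("buggy(99) = %d, fixed(99) = %d\n",
           translate_buggy(99, &p), translate_fixed(99, &p));
    return 0;
}
```

With the buggy variant the caller sees success for a handle that does not exist and goes on to use an output pointer that was never written, which is the condition behind the further uninitialized and OOB accesses.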

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N), as it requires only local access (AV:L) in an unchanged security scope (S:U). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data corruption, or system crashes through the mishandled pointer dereferences and OOB accesses in the vmwgfx DRM component.

Mitigation involves applying the upstream kernel patches referenced in the stable repository commits, including 149f028772fa2879d9316b924ce948a6a0877e45, 36cb28b6d303a81e6ed4536017090e85e0143e42, 5023ca80f9589295cb60735016e39fc5cc714243, 531f45589787799aa81b63e1e1f8e71db5d93dd1, and 7e55d0788b362c93660b80cc5603031bbbdefa98. Security practitioners should update affected Linux kernels, particularly those using the vmwgfx driver for VMware graphics support, and monitor for inclusion in stable releases post-publication on 2026-03-25.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Return the correct value in vmw_translate_ptr functions

Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code with the pointer becoming an out parameter. The error path when the lookup failed was not changed to reflect this change and the code continued to return the PTR_ERR of the now uninitialized pointer. This could cause the vmw_translate_ptr functions to return success when they actually failed causing further uninitialized and OOB accesses.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel vulnerability in vmwgfx enabling arbitrary code execution from low-privileged context via uninitialized pointer/OOB access, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31693 · Same product: Linux Linux Kernel
CVE-2025-71152 · Same product: Linux Linux Kernel
CVE-2026-23111 · Same product: Linux Linux Kernel
CVE-2024-57910 · Same product: Linux Linux Kernel
CVE-2026-31530 · Same product: Linux Linux Kernel
CVE-2026-23387 · Same product: Linux Linux Kernel
CVE-2025-21856 · Same product: Linux Linux Kernel
CVE-2025-21727 · Same product: Linux Linux Kernel
CVE-2026-23275 · Same product: Linux Linux Kernel
CVE-2026-31401 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.2, 7.0 · 6.1.7 — 6.1.167 · 6.2.1 — 6.6.130 · 6.7 — 6.12.77

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of the specific Linux kernel flaw in vmw_translate_ptr functions through patching to prevent uninitialized pointer use and OOB accesses.

prevent

Mandates proper error handling in kernel components to ensure lookup failures are correctly propagated, avoiding false success returns that trigger the vulnerability.

prevent

Provides memory protection mechanisms that mitigate the effects of uninitialized memory dereferences and out-of-bounds accesses caused by the flawed pointer translation.