CVE-2026-23156

7.8 HIGH

Published: February 14, 2026 Modified: March 18, 2026

Description

In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get().

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

5 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.8 / 10.0

EPSS (Exploit Probability)

0.0%

3th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

linux