CVE-2026-23236 HIGH

Published: 2026-03-04 | Last Modified: 2026-06-02 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.

Additional Descriptions (1)

En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: fbdev: smscufx: copiar correctamente la memoria ioctl al espacio del kernel El ioctl UFX_IOCTL_REPORT_DAMAGE no copia correctamente los datos desde el espacio de usuario al espacio del kernel, y en su lugar referencia directamente la memoria, lo que puede causar problemas si se pasan datos inválidos desde el espacio de usuario. Soluciona todo esto copiando correctamente la memoria antes de acceder a ella dentro del kernel.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Primary	en NVD-CWE-noinfo

Affected Products

Vendor	Product	Version	Update	Type
linux	linux_kernel	*	<built-in method update of dict object at 0x7f760079d8c0>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x7f7602171180>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x7f76027f7a40>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x7f76027f7c40>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x7f7638069080>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x7f76380693c0>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x7f76027f6780>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`

References

https://git.kernel.org/stable/c/061cfeb560aa3ddc174153dbe5be9d0b55eb7248
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://git.kernel.org/stable/c/0634e8d650993602fc5b389ff7ac525f6542e141
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://git.kernel.org/stable/c/120adae7b42faa641179270c067864544a50ab69
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://git.kernel.org/stable/c/1c008ad0f0d1c1523902b9cdb08e404129677bfc
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://git.kernel.org/stable/c/52917e265aa5f848212f60fc50fc504d8ef12866
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://git.kernel.org/stable/c/6167af934f956d3ae1e06d61f45cd0d1004bbe1a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://git.kernel.org/stable/c/a0321e6e58facb39fe191caa0e52ed9aab6a48fe
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://git.kernel.org/stable/c/f1e91bd4efeae48b0f42caed7e8ce2e3a0d05b02
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e