CVE-2026-23236
HIGHLinux Kernel 3.2-5.10.251 - Unauthenticated Memory Corruption via UFX_IOCTL_REPORT_DAMAGE
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.
References (9)
Core 9
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Scores
CVSS v3
7.3
EPSS
0.0021
EPSS Percentile
10.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Details
Status
published
Products (27)
linux/Kernel
3.2.0 - 5.10.251linux
linux/Kernel
5.11.0 - 5.15.201linux
linux/Kernel
5.16.0 - 6.1.164linux
linux/Kernel
6.13.0 - 6.18.13linux
linux/Kernel
6.19.0 - 6.19.3linux
linux/Kernel
6.2.0 - 6.6.127linux
linux/Kernel
6.7.0 - 6.12.74linux
Linux/Linux
< 3.2
Linux/Linux
3.2
Linux/Linux
3c8a63e22a0802fd56380f6ab305b419f18eb6f5 - 061cfeb560aa3ddc174153dbe5be9d0b55eb7248
... and 17 more
Published
Mar 04, 2026
Tracked Since
Mar 04, 2026