CVE-2026-23236 (HIGH), CNA: Linux
CVE-2026-23236: fbdev: smscufx: properly copy ioctl memory to kernelspace
In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: properly copy ioctl memory to kernelspace

The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace.

Fix this all up by correctly copying the memory before accessing it within the kernel.
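
The pattern described above, as an added userspace model in C (not the driver's code and not the upstream patch): `struct damage_area`, `model_copy_from_user` and both `report_damage_*` functions are hypothetical names, and `user_mem` is a constructed stand-in for the calling process's memory.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical damage rectangle (assumption: not the driver's real layout). */
struct damage_area { int x, y, w, h; };

/* Constructed stand-in for the caller's mapped user memory. */
static struct damage_area user_mem[4];

/* Userspace model of copy_from_user(): returns bytes NOT copied (0 = success)
 * and refuses any range that is not fully inside the modelled mapping. */
static unsigned long model_copy_from_user(void *dst, uintptr_t src, size_t n)
{
    uintptr_t base = (uintptr_t)user_mem;
    if (src < base || n > sizeof(user_mem) || src - base > sizeof(user_mem) - n)
        return n;
    memcpy(dst, (const void *)src, n);
    return 0;
}

static int clamp_int(int v, int lo, int hi) { return v < lo ? lo : v > hi ? hi : v; }

/* Pattern the advisory describes: the ioctl argument is cast and dereferenced
 * in place, so a bad address is only discovered when the access faults. */
static int report_damage_unsafe(uintptr_t arg, int xres, int yres, struct damage_area *out)
{
    const struct damage_area *area = (const struct damage_area *)arg;
    out->x = clamp_int(area->x, 0, xres);
    out->y = clamp_int(area->y, 0, yres);
    out->w = clamp_int(area->w, 0, xres - out->x);
    out->h = clamp_int(area->h, 0, yres - out->y);
    return 0;
}

/* Corrected pattern: copy once into a kernel-side local, fail with -EFAULT
 * if the copy is incomplete, then validate and use only the local copy. */
static int report_damage_safe(uintptr_t arg, int xres, int yres, struct damage_area *out)
{
    struct damage_area area;
    if (model_copy_from_user(&area, arg, sizeof(area)))
        return -EFAULT;
    out->x = clamp_int(area.x, 0, xres);
    out->y = clamp_int(area.y, 0, yres);
    out->w = clamp_int(area.w, 0, xres - out->x);
    out->h = clamp_int(area.h, 0, yres - out->y);
    return 0;
}
```

In a real handler the argument arrives as a `__user` pointer and the kernel's own `copy_from_user()` performs the range check and fault handling that the model function imitates here.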
Metrics
- CVSS v3.1: 7.3
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
Affected packages
- Linux / Linux: < 061cfeb560aa3ddc174153dbe5be9d0b55eb7248 (from 3c8a63e22a0802fd56380f6ab305b419f18eb6f5) · < 6167af934f956d3ae1e06d61f45cd0d1004bbe1a (from 3c8a63e22a0802fd56380f6ab305b419f18eb6f5) · < a0321e6e58facb39fe191caa0e52ed9aab6a48fe (from 3c8a63e22a0802fd56380f6ab305b419f18eb6f5) · < 0634e8d650993602fc5b389ff7ac525f6542e141 (from 3c8a63e22a0802fd56380f6ab305b419f18eb6f5) · < 52917e265aa5f848212f60fc50fc504d8ef12866 (from 3c8a63e22a0802fd56380f6ab305b419f18eb6f5) · < 1c008ad0f0d1c1523902b9cdb08e404129677bfc (from 3c8a63e22a0802fd56380f6ab305b419f18eb6f5)
- Linux / Linux: 3.2 · Fixed in 0, 5.10.251, 5.15.201, 6.1.164, 6.6.127, 6.12.74, 6.18.13, 6.19.3, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H