CVE-2026-23236
Description
In the Linux kernel, the following vulnerability has been resolved:
fbdev: smscufx: properly copy ioctl memory to kernelspace
The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Linux kernel's smscufx framebuffer driver improperly handles userspace memory in the UFX_IOCTL_REPORT_DAMAGE ioctl, leading to potential memory corruption.
Vulnerability Overview
The Linux kernel's smscufx framebuffer driver contains a vulnerability in the UFX_IOCTL_REPORT_DAMAGE ioctl handler. The ioctl does not properly copy data from userspace to kernelspace; instead, it directly references the user-supplied memory. This can lead to issues if invalid or malicious data is passed from userspace, potentially causing memory corruption or other undefined behavior [1].
Exploitation
An attacker with local access and the ability to invoke the UFX_IOCTL_REPORT_DAMAGE ioctl on a smscufx device can exploit this flaw. By crafting a malicious userspace buffer, the attacker can trigger the kernel to operate on untrusted data without proper validation or copying, which may lead to kernel memory corruption [2].
Impact
Successful exploitation could allow an attacker to corrupt kernel memory, potentially leading to a denial of service (system crash) or, in more severe cases, privilege escalation. The vulnerability is rated High with a CVSS v3 score of 7.3, reflecting the potential for significant impact on system integrity and availability [3].
Mitigation
The fix copies the userspace memory to kernelspace before accessing it, so that the kernel operates on a validated copy. The patch has been applied to the Linux kernel stable tree and is available in commits such as 6167af934f95 and 1c008ad0f0d1 [4]. Users are advised to update to a kernel that includes this patch.
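The copy-then-validate pattern described above, as an added userspace model (not the smscufx driver's code and not the actual patch). `struct damage_rect`, `model_copy_from_user`, the simulated `user_mem` region and the clamping rules are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical damage rectangle; the driver's real struct is not shown on the page. */
struct damage_rect { int x, y, w, h; };

/* Constructed stand-in for the calling process's mapped memory. */
static unsigned char user_mem[64];

/* Model of copy_from_user(): returns the number of bytes NOT copied, so 0
 * means success. Here the whole copy fails if the range leaves user_mem. */
static size_t model_copy_from_user(void *dst, uintptr_t uaddr, size_t len)
{
    if (uaddr > sizeof(user_mem) || len > sizeof(user_mem) - uaddr)
        return len;
    memcpy(dst, user_mem + uaddr, len);
    return 0;
}

static int clamp_int(int v, int lo, int hi)
{
    return v < lo ? lo : (v > hi ? hi : v);
}

/* Hardened handler shape: snapshot the ioctl argument into kernel-owned
 * storage, fail with -EFAULT on a bad pointer, then validate the snapshot. */
static int report_damage(uintptr_t uarg, int xres, int yres, struct damage_rect *out)
{
    struct damage_rect area;   /* private copy; userspace cannot change it */

    if (model_copy_from_user(&area, uarg, sizeof(area)))
        return -EFAULT;

    area.x = clamp_int(area.x, 0, xres);
    area.y = clamp_int(area.y, 0, yres);
    area.w = clamp_int(area.w, 0, xres - area.x);
    area.h = clamp_int(area.h, 0, yres - area.y);
    *out = area;               /* values later code would consume */
    return 0;
}

/* Test helper: place a rectangle at an offset in the simulated user memory. */
static void put_user_rect(uintptr_t uaddr, struct damage_rect r)
{
    memcpy(user_mem + uaddr, &r, sizeof(r));
}
```

Because the handler never writes through the user pointer, clamped values exist only in the private copy, and a pointer outside the mapped range produces an error return instead of a kernel-side access to arbitrary memory.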
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References (8)
- git.kernel.org/stable/c/061cfeb560aa3ddc174153dbe5be9d0b55eb7248 (nvd, Patch)
- git.kernel.org/stable/c/0634e8d650993602fc5b389ff7ac525f6542e141 (nvd, Patch)
- git.kernel.org/stable/c/120adae7b42faa641179270c067864544a50ab69 (nvd, Patch)
- git.kernel.org/stable/c/1c008ad0f0d1c1523902b9cdb08e404129677bfc (nvd, Patch)
- git.kernel.org/stable/c/52917e265aa5f848212f60fc50fc504d8ef12866 (nvd, Patch)
- git.kernel.org/stable/c/6167af934f956d3ae1e06d61f45cd0d1004bbe1a (nvd, Patch)
- git.kernel.org/stable/c/a0321e6e58facb39fe191caa0e52ed9aab6a48fe (nvd, Patch)
- git.kernel.org/stable/c/f1e91bd4efeae48b0f42caed7e8ce2e3a0d05b02 (nvd, Patch)