Bug 2439951 (CVE-2026-23156)

Summary: CVE-2026-23156 kernel: Linux kernel: Information disclosure in efivarfs via incorrect error propagation
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in the efivarfs component of the Linux kernel. This information disclosure issue arises from incorrect error handling in the efivar_entry_get() function, which reports success even when the underlying __efivar_entry_get() call fails. An unprivileged local attacker can exploit this by reading a variable through efivarfs (the efivarfs_file_read() path), causing uninitialized kernel heap memory to be copied to userspace. The leaked kernel memory contents may aid in bypassing security mitigations.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-02-14 17:04:37 UTC
In the Linux kernel, the following vulnerability has been resolved:

efivarfs: fix error propagation in efivar_entry_get()

efivar_entry_get() always returns success even if the underlying
__efivar_entry_get() fails, masking errors.

This may result in uninitialized heap memory being copied to userspace
in the efivarfs_file_read() path.

Fix it by returning the error from __efivar_entry_get().

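The error-masking pattern described in the commit message, as an added example that is not part of the bug report or of the kernel source: a constructed C model in which a wrapper drops the backend's return code, so the read path believes the buffer was filled and copies a never-written heap buffer to the caller, placed next to the fixed wrapper that propagates the error. The names backend_get, entry_get_buggy, entry_get_fixed and file_read are stand-ins for the pattern, not the kernel's own functions, and the 0x5a fill simulates stale contents a real kmalloc() would hand back from a previous owner.

```c
#include <assert.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed model of the efivarfs bug; not the kernel's code. */
#define VAR_SIZE 16
#define STALE_BYTE 0x5a   /* marks memory the backend never wrote */

/* Stand-in for the firmware-backed getter (the __efivar_entry_get() role).
 * On failure it returns -EIO and leaves *data completely untouched. */
static int backend_get(int should_fail, uint8_t *data, size_t size)
{
	if (should_fail)
		return -EIO;
	memset(data, 'A', size);  /* "real" variable contents */
	return 0;
}

/* Vulnerable wrapper: mirrors "always returns success even if the
 * underlying call fails". The backend's error is silently dropped. */
static int entry_get_buggy(int should_fail, uint8_t *data, size_t size)
{
	backend_get(should_fail, data, size);  /* return value ignored */
	return 0;
}

/* Fixed wrapper: hand the backend's error back to the caller. */
static int entry_get_fixed(int should_fail, uint8_t *data, size_t size)
{
	return backend_get(should_fail, data, size);
}

typedef int (*getter_t)(int, uint8_t *, size_t);

/* Read path (the efivarfs_file_read() role): allocate an uninitialized
 * buffer, ask the wrapper to fill it, and copy it out only on success. */
static ssize_t file_read(getter_t get, int backend_fails,
			 uint8_t *user_buf, size_t len)
{
	uint8_t *kbuf = malloc(VAR_SIZE);   /* kmalloc-like: not zeroed */
	if (!kbuf)
		return -ENOMEM;
	/* Simulate leftover heap data from the allocation's previous owner. */
	memset(kbuf, STALE_BYTE, VAR_SIZE);

	int rc = get(backend_fails, kbuf, VAR_SIZE);
	if (rc) {
		free(kbuf);
		return rc;          /* nothing is copied on error */
	}

	size_t n = len < VAR_SIZE ? len : VAR_SIZE;
	memcpy(user_buf, kbuf, n);  /* copy_to_user() stand-in */
	free(kbuf);
	return (ssize_t)n;
}

/* Drive a read with a failing backend and report the read's result. */
static long read_with_failing_backend(getter_t get, uint8_t *out)
{
	memset(out, 0, VAR_SIZE);
	return (long)file_read(get, 1, out, VAR_SIZE);
}

/* 1 if the read handed stale (never-written) bytes to the caller, else 0. */
static int leaks_stale_bytes(getter_t get)
{
	uint8_t out[VAR_SIZE];
	long rc = read_with_failing_backend(get, out);
	if (rc <= 0)
		return 0;
	for (long i = 0; i < rc; i++)
		if (out[i] != STALE_BYTE)
			return 0;
	return 1;
}

int main(void)
{
	uint8_t out[VAR_SIZE];
	printf("buggy wrapper: read rc=%ld, leaked stale bytes=%d\n",
	       read_with_failing_backend(entry_get_buggy, out),
	       leaks_stale_bytes(entry_get_buggy));
	printf("fixed wrapper: read rc=%ld, leaked stale bytes=%d\n",
	       read_with_failing_backend(entry_get_fixed, out),
	       leaks_stale_bytes(entry_get_fixed));
	return 0;
}
```

With the buggy wrapper the read reports a full VAR_SIZE bytes and every byte is the stale marker; with the fixed wrapper the read returns -EIO and the caller's buffer is never written. The general lesson is the one the commit states: a wrapper that collapses a failing inner call to 0 turns an "uninitialized on error" contract into an information leak at whatever copy-out sits above it.
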
Comment 4 errata-xmlrpc 2026-03-09 09:40:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:4012 https://access.redhat.com/errata/RHSA-2026:4012

Comment 5 errata-xmlrpc 2026-04-20 18:11:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:9095 https://access.redhat.com/errata/RHSA-2026:9095