Bug 2439951 (CVE-2026-23156)
| Field | Value |
|---|---|
| Summary | CVE-2026-23156 kernel: Linux kernel: Information disclosure in efivarfs via incorrect error propagation |
| Product | [Other] Security Response |
| Reporter | OSIDB Bzimport <bzimport> |
| Component | vulnerability |
| Assignee | Product Security DevOps Team <prodsec-dev> |
| Status | NEW --- |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | |
| Doc Type | --- |
| Doc Text | A flaw was found in the efivarfs component of the Linux kernel. It is an information disclosure caused by incorrect error propagation from the efivar_entry_get function: when that call fails, the error is not handled correctly on the efivarfs read path, so the kernel buffer it was supposed to fill can be copied to userspace while still uninitialized. An unprivileged local attacker can trigger this simply by reading from efivarfs. The leaked bytes are stale kernel memory contents, which may help the attacker defeat security mitigations that rely on keeping kernel memory secret. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
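The Doc Text above describes the bug class in one sentence: a backend lookup fails, the error is dropped, and a buffer that was allocated but never filled is copied to userspace. The following C program is an added illustration of that pattern and is not kernel code, not the efivarfs source, and not the upstream fix. Every `model_*` name, `MODEL_VAR_SIZE`, `STALE_BYTE` and the shape of the two read paths are assumptions constructed for this example; the page itself only states that efivar_entry_get's error is propagated incorrectly. The model replaces kmalloc with a malloc that pre-fills the chunk with a sentinel byte so the leak is visible, and replaces copy_to_user with a plain memcpy. The vulnerable path ignores the lookup's return value; the fixed path propagates it and never copies an unfilled buffer.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed model, not kernel code: a tiny EFI variable store with one entry. */
#define MODEL_VAR_SIZE 16
#define STALE_BYTE 0x41 /* stands in for whatever the previous owner left in the heap chunk */

struct model_var {
    int present;                  /* 0: the backend lookup fails, as a firmware error would */
    uint8_t data[MODEL_VAR_SIZE];
};

/* Model of efivar_entry_get(): 0 with data and *size filled on success,
 * a negative errno with data and *size untouched on failure. */
static int model_entry_get(const struct model_var *var, uint8_t *data, size_t *size)
{
    if (!var->present)
        return -ENOENT;           /* buffer left as allocated: the source of the leak */
    memcpy(data, var->data, MODEL_VAR_SIZE);
    *size = MODEL_VAR_SIZE;
    return 0;
}

/* Model of kmalloc(): no zeroing, so the chunk carries the previous owner's bytes. */
static uint8_t *model_kmalloc(size_t n)
{
    uint8_t *p = malloc(n);
    if (p)
        memset(p, STALE_BYTE, n);
    return p;
}

/* Vulnerable read path: the lookup's error is dropped, so a failed lookup still
 * reaches the copy to userspace with a buffer nobody wrote into. */
static ssize_t model_read_vulnerable(const struct model_var *var, uint8_t *ubuf, size_t count)
{
    size_t size = MODEL_VAR_SIZE;
    uint8_t *kbuf = model_kmalloc(size);
    if (!kbuf)
        return -ENOMEM;
    model_entry_get(var, kbuf, &size);   /* BUG: return value ignored */
    if (count > size)
        count = size;
    memcpy(ubuf, kbuf, count);           /* stands in for copy_to_user() */
    free(kbuf);
    return (ssize_t)count;
}

/* Fixed read path: propagate the error to the caller and copy nothing. */
static ssize_t model_read_fixed(const struct model_var *var, uint8_t *ubuf, size_t count)
{
    size_t size = MODEL_VAR_SIZE;
    uint8_t *kbuf = model_kmalloc(size);
    if (!kbuf)
        return -ENOMEM;
    int err = model_entry_get(var, kbuf, &size);
    if (err) {
        free(kbuf);
        return err;                      /* read(2) fails with -ENOENT, no bytes leave the kernel */
    }
    if (count > size)
        count = size;
    memcpy(ubuf, kbuf, count);           /* stands in for copy_to_user() */
    free(kbuf);
    return (ssize_t)count;
}

/* Stale bytes handed to userspace by the vulnerable path for a failed lookup. */
static int vulnerable_stale_bytes_leaked(void)
{
    struct model_var missing = { 0, { 0 } };
    uint8_t ubuf[MODEL_VAR_SIZE] = { 0 };
    ssize_t n = model_read_vulnerable(&missing, ubuf, sizeof ubuf);
    int leaked = 0;
    for (ssize_t i = 0; i < n; i++)
        leaked += (ubuf[i] == STALE_BYTE);
    return leaked;
}

/* Return value of the fixed path for the same failed lookup. */
static ssize_t fixed_result_for_missing(void)
{
    struct model_var missing = { 0, { 0 } };
    uint8_t ubuf[MODEL_VAR_SIZE] = { 0 };
    return model_read_fixed(&missing, ubuf, sizeof ubuf);
}

int main(void)
{
    printf("vulnerable path leaked %d stale bytes\n", vulnerable_stale_bytes_leaked());
    printf("fixed path returned %ld for a missing variable\n", (long)fixed_result_for_missing());
    return 0;
}
```

The sentinel makes the leak obvious in the model; on a real kernel the bytes would be whatever the slab chunk last held, which is exactly what makes the disclosure useful to an attacker. When reviewing a read path of this shape, the check is that every error return from the fill routine reaches the caller before any copy to userspace, and that the copied length comes from the successful fill rather than from the allocation size.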
Description
OSIDB Bzimport
2026-02-14 17:04:37 UTC
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026021416-CVE-2026-23156-b2f4@gregkh/T

This issue has been addressed in the following products:

Red Hat Enterprise Linux 10
Via RHSA-2026:4012 https://access.redhat.com/errata/RHSA-2026:4012

This issue has been addressed in the following products:

Red Hat Enterprise Linux 10.0 Extended Update Support
Via RHSA-2026:9095 https://access.redhat.com/errata/RHSA-2026:9095