2444387 – (CVE-2026-23236) CVE-2026-23236 kernel: fbdev: smscufx: properly copy ioctl memory to kernelspace

Bug 2444387 (CVE-2026-23236) - CVE-2026-23236 kernel: fbdev: smscufx: properly copy ioctl memory to kernelspace

Summary: CVE-2026-23236 kernel: fbdev: smscufx: properly copy ioctl memory to kernelspace

Keywords:
Status:	NEW
Alias:	CVE-2026-23236
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-04 15:01 UTC by OSIDB Bzimport
Modified:	2026-03-04 15:32 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-04 15:01:29 UTC

In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: properly copy ioctl memory to kernelspace

The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from
userspace to kernelspace, and instead directly references the memory,
which can cause problems if invalid data is passed from userspace.  Fix
this all up by correctly copying the memory before accessing it within
the kernel.

Comment 1 Alexander B 2026-03-04 15:29:39 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026030440-CVE-2026-23236-b419@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.