{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23156", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.978Z", "datePublished": "2026-02-14T16:01:23.215Z", "dateUpdated": "2026-05-11T22:01:17.796Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:01:17.796Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: fix error propagation in efivar_entry_get()\n\nefivar_entry_get() always returns success even if the underlying\n__efivar_entry_get() fails, masking errors.\n\nThis may result in uninitialized heap memory being copied to userspace\nin the efivarfs_file_read() path.\n\nFix it by returning the error from __efivar_entry_get()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/efivarfs/vars.c"], "versions": [{"version": "2d82e6227ea189c0589e7383a36616ac2a2d248c", "lessThan": "3960f1754664661a970dc9ebbab44ff93a0b4c42", "status": "affected", "versionType": "git"}, {"version": "2d82e6227ea189c0589e7383a36616ac2a2d248c", "lessThan": "510a16f1c5c1690b33504052bc13fbc2772c23f8", "status": "affected", "versionType": "git"}, {"version": "2d82e6227ea189c0589e7383a36616ac2a2d248c", "lessThan": "89b8ca709eeeabcc11ebba64806677873a2787a8", "status": "affected", "versionType": "git"}, {"version": "2d82e6227ea189c0589e7383a36616ac2a2d248c", "lessThan": "e4e15a0a4403c96d9898d8398f0640421df9cb16", "status": "affected", "versionType": "git"}, {"version": "2d82e6227ea189c0589e7383a36616ac2a2d248c", "lessThan": "4b22ec1685ce1fc0d862dcda3225d852fb107995", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/efivarfs/vars.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.123", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.69", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.9", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.6.123"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.12.69"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.18.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42"}, {"url": "https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8"}, {"url": "https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8"}, {"url": "https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16"}, {"url": "https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995"}], "title": "efivarfs: fix error propagation in efivar_entry_get()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83DE4E0F-B87E-49B8-B0C7-D01CE9B22054", "versionEndExcluding": "6.1.162", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "316D8D4E-FE44-4C76-8403-63CAF51EEFC2", "versionEndExcluding": "6.6.123", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0D11B0-A3DA-4D8F-89B9-CFD2094EBA37", "versionEndExcluding": "6.12.69", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "171CFCB2-8F49-4F9E-8A67-FAC6BF45B5A2", "versionEndExcluding": "6.18.9", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: fix error propagation in efivar_entry_get()\n\nefivar_entry_get() always returns success even if the underlying\n__efivar_entry_get() fails, masking errors.\n\nThis may result in uninitialized heap memory being copied to userspace\nin the efivarfs_file_read() path.\n\nFix it by returning the error from __efivar_entry_get()."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nefivarfs: correcci\u00f3n de la propagaci\u00f3n de errores en efivar_entry_get()\n\nefivar_entry_get() siempre devuelve \u00e9xito incluso si la funci\u00f3n subyacente __efivar_entry_get() falla, enmascarando errores.\n\nEsto puede resultar en que memoria de pila no inicializada sea copiada al espacio de usuario en la ruta de efivarfs_file_read().\n\nSe soluciona devolviendo el error desde __efivar_entry_get()."}], "id": "CVE-2026-23156", "lastModified": "2026-03-18T14:40:43.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T16:15:55.760", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: efivarfs: fix error propagation in efivar_entry_get()", "id": "2439951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439951"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nefivarfs: fix error propagation in efivar_entry_get()\nefivar_entry_get() always returns success even if the underlying\n__efivar_entry_get() fails, masking errors.\nThis may result in uninitialized heap memory being copied to userspace\nin the efivarfs_file_read() path.\nFix it by returning the error from __efivar_entry_get()."], "name": "CVE-2026-23156", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23156\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23156\nhttps://lore.kernel.org/linux-cve-announce/2026021416-CVE-2026-23156-b2f4@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2d82e6227ea189c0589e7383a36616ac2a2d248c,3960f1754664661a970dc9ebbab44ff93a0b4c42)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2d82e6227ea189c0589e7383a36616ac2a2d248c,510a16f1c5c1690b33504052bc13fbc2772c23f8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2d82e6227ea189c0589e7383a36616ac2a2d248c,89b8ca709eeeabcc11ebba64806677873a2787a8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2d82e6227ea189c0589e7383a36616ac2a2d248c,e4e15a0a4403c96d9898d8398f0640421df9cb16)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2d82e6227ea189c0589e7383a36616ac2a2d248c,4b22ec1685ce1fc0d862dcda3225d852fb107995)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.162,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.123,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.69,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.9,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T12:19:37.815038+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that includes the efivarfs error\u2011propagation patch.", "Ensure /sys/firmware/efi/efivars is mounted with restrictive permissions so that only privileged users can read it.", "If a kernel upgrade cannot be applied immediately, change the ownership or file mode of /sys/firmware/efi/efivars to prevent unprivileged read access."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases containing the buggy efivarfs code are vulnerable, including kernel 6.19 release candidates up to rc7 as shown by the CPE list. Systems running any unpatched kernel may therefore expose kernel memory contents through the /sys/firmware/efi/efivars interface.", "description_and_impact": "The Linux kernel efivarfs implementation returned success even when an internal lookup failed, allowing the read path to copy uninitialized heap memory into userspace. An attacker who can read efivarfs entries could thus learn kernel data that should not be exposed. This flaw is a classic case of information exposure, identified as CWE-200.", "risk_and_exploitability": "With a CVSS score of 7.8 the vulnerability is classified as high severity, but its EPSS score of <1% indicates exploitation is currently unlikely. The flaw is local, requiring read access to efivarfs, which is normally restricted to privileged users. If the filesystem is mounted with broader permissions or an attacker gains such read access, sensitive kernel data could be leaked. The vulnerability is not listed in the CISA KEV catalog and no active exploit is documented."}}}}, "created": "2026-02-16T12:01:11.356596+00:00", "title": "Kernel Uninitialized Memory Exposure via efivarfs", "updated": "2026-04-18T12:30:45.452265+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-200", "CWE-457"]}