CVE-2026-23236

EUVD-2026-9408
In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: properly copy ioctl memory to kernelspace

The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from
userspace to kernelspace, and instead directly references the memory,
which can cause problems if invalid data is passed from userspace.  Fix
this all up by correctly copying the memory before accessing it within
the kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
3.2 ≤
𝑥
< 5.10.251
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.201
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.164
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.127
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.74
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.13
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.3
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensRUGGEDCOM RST2428P
𝑥
< V4.0
ADP
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.176-1
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.259-1
fixed
forky
7.1.3-1
fixed
sid
7.1.3-1
fixed
trixie
6.12.94-1
fixed
trixie (security)
6.12.95-1
fixed
linux-6.1
bullseye (security)
6.1.176-1~deb11u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-azure
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1.150700.17.33.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1.150700.17.33.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1.150700.17.33.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.55.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.55.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
kernel
Azure Linux 3.0
0:6.6.130.1-1.azl3
fixed
CBL-Mariner 2.0
0:5.15.202.1-1.cm2
fixed