CVE-2026-23236

EUVD-2026-9408
In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: properly copy ioctl memory to kernelspace

The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from
userspace to kernelspace, and instead directly references the memory,
which can cause problems if invalid data is passed from userspace.  Fix
this all up by correctly copying the memory before accessing it within
the kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
3.2 ≤
𝑥
< 5.10.251
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.201
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.164
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.127
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.74
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.13
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.164-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.251-1
fixed
forky
6.19.11-1
fixed
sid
6.19.12-1
fixed
trixie
vulnerable
trixie (security)
6.12.74-2
fixed
linux-6.1
bullseye (security)
6.1.164-1~deb11u1
fixed
References
https://git.kernel.org/stable/c/061cfeb560aa3ddc174153dbe5be9d0b55eb7248
https://git.kernel.org/stable/c/0634e8d650993602fc5b389ff7ac525f6542e141
https://git.kernel.org/stable/c/120adae7b42faa641179270c067864544a50ab69
https://git.kernel.org/stable/c/1c008ad0f0d1c1523902b9cdb08e404129677bfc
https://git.kernel.org/stable/c/52917e265aa5f848212f60fc50fc504d8ef12866
https://git.kernel.org/stable/c/6167af934f956d3ae1e06d61f45cd0d1004bbe1a
https://git.kernel.org/stable/c/a0321e6e58facb39fe191caa0e52ed9aab6a48fe
https://git.kernel.org/stable/c/f1e91bd4efeae48b0f42caed7e8ce2e3a0d05b02