CVE-2026-23156

Published: Feb 14, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get().

Vendor	Product	Versions
Linux	Linux	affected `2d82e6227ea189c0589e7383a36616ac2a2d248c - < 3960f1754664661a970dc9ebbab44ff93a0b4c42` affected `2d82e6227ea189c0589e7383a36616ac2a2d248c - < 510a16f1c5c1690b33504052bc13fbc2772c23f8` affected `2d82e6227ea189c0589e7383a36616ac2a2d248c - < 89b8ca709eeeabcc11ebba64806677873a2787a8` affected `2d82e6227ea189c0589e7383a36616ac2a2d248c - < e4e15a0a4403c96d9898d8398f0640421df9cb16` affected `2d82e6227ea189c0589e7383a36616ac2a2d248c - < 4b22ec1685ce1fc0d862dcda3225d852fb107995`
Linux	Linux	affected `6.0` unaffected `0 - < 6.0` unaffected `6.1.162 - <= 6.1.` unaffected `6.6.123 - <= 6.6.` unaffected `6.12.69 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42

https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8

https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8

https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16

https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23156

Description

Affected Products

References