CVE-2026-23317
Published: Mar 25, 2026
Modified: May 23, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code with the pointer becoming an out parameter. The error path when the lookup failed was not changed to reflect this change and the code continued to return the PTR_ERR of the now uninitialized pointer. This could cause the vmw_translate_ptr functions to return success when they actually failed causing further uninitialized and OOB accesses.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a - < ce3a5cf139787c186d5d54336107298cacaad2b9affected a309c7194e8a2f8bd4539b9449917913f6c2cd50 - < 7e55d0788b362c93660b80cc5603031bbbdefa98affected a309c7194e8a2f8bd4539b9449917913f6c2cd50 - < 36cb28b6d303a81e6ed4536017090e85e0143e42affected a309c7194e8a2f8bd4539b9449917913f6c2cd50 - < 531f45589787799aa81b63e1e1f8e71db5d93dd1affected a309c7194e8a2f8bd4539b9449917913f6c2cd50 - < 149f028772fa2879d9316b924ce948a6a0877e45+2 more versions |
Linux | Linux | affected 6.2unaffected 0 - < 6.2unaffected 6.1.167 - <= 6.1.*unaffected 6.6.130 - <= 6.6.*unaffected 6.12.77 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now