FKIE_CVE-2026-23236

Vulnerability from fkie_nvd - Published: 2026-03-04 15:16 - Updated: 2026-03-04 18:08
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/061cfeb560aa3ddc174153dbe5be9d0b55eb7248
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0634e8d650993602fc5b389ff7ac525f6542e141
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/120adae7b42faa641179270c067864544a50ab69
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1c008ad0f0d1c1523902b9cdb08e404129677bfc
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/52917e265aa5f848212f60fc50fc504d8ef12866
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6167af934f956d3ae1e06d61f45cd0d1004bbe1a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a0321e6e58facb39fe191caa0e52ed9aab6a48fe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f1e91bd4efeae48b0f42caed7e8ce2e3a0d05b02
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: smscufx: properly copy ioctl memory to kernelspace\n\nThe UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from\nuserspace to kernelspace, and instead directly references the memory,\nwhich can cause problems if invalid data is passed from userspace.  Fix\nthis all up by correctly copying the memory before accessing it within\nthe kernel."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nfbdev: smscufx: copiar correctamente la memoria ioctl al espacio del kernel\n\nEl ioctl UFX_IOCTL_REPORT_DAMAGE no copia correctamente los datos desde el espacio de usuario al espacio del kernel, y en su lugar referencia directamente la memoria, lo que puede causar problemas si se pasan datos inv\u00e1lidos desde el espacio de usuario. Soluciona todo esto copiando correctamente la memoria antes de acceder a ella dentro del kernel."
    }
  ],
  "id": "CVE-2026-23236",
  "lastModified": "2026-03-04T18:08:05.730",
  "metrics": {},
  "published": "2026-03-04T15:16:14.173",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/061cfeb560aa3ddc174153dbe5be9d0b55eb7248"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0634e8d650993602fc5b389ff7ac525f6542e141"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/120adae7b42faa641179270c067864544a50ab69"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1c008ad0f0d1c1523902b9cdb08e404129677bfc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/52917e265aa5f848212f60fc50fc504d8ef12866"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6167af934f956d3ae1e06d61f45cd0d1004bbe1a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a0321e6e58facb39fe191caa0e52ed9aab6a48fe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f1e91bd4efeae48b0f42caed7e8ce2e3a0d05b02"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.