FKIE_CVE-2026-23323

Vulnerability from fkie_nvd - Published: 2026-03-25 11:16 - Updated: 2026-03-25 15:41
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sensor population loop used the wrong prefix ("volt-" instead of "voltage-") and incorrectly assigned sensors to the temperature sensor array (hwmon->temp.sensors) instead of the voltage sensor array (hwmon->volt.sensors). This would lead to out-of-bounds memory access or data corruption when both temperature and voltage sensors were present. - The float conversion in macsmc_hwmon_write_f32() had flawed exponent logic for values >= 2^24 and lacked masking for the mantissa, which could lead to incorrect values being written to the SMC. Fix these issues to ensure correct sensor registration and reliable manual fan control. Confirm that the reported overflow in FIELD_PREP is fixed by declaring macsmc_hwmon_write_f32() as __always_inline for a compile test.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5dd69b864911ae3847365e8bafe7854e79fbeecb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/625ef35b70d3883fb9a41cd5a988e64dd3e447d6
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver\n\nThe recently added macsmc-hwmon driver contained several critical\nbugs in its sensor population logic and float conversion routines.\n\nSpecifically:\n- The voltage sensor population loop used the wrong prefix (\"volt-\"\n  instead of \"voltage-\") and incorrectly assigned sensors to the\n  temperature sensor array (hwmon-\u003etemp.sensors) instead of the\n  voltage sensor array (hwmon-\u003evolt.sensors). This would lead to\n  out-of-bounds memory access or data corruption when both temperature\n  and voltage sensors were present.\n- The float conversion in macsmc_hwmon_write_f32() had flawed exponent\n  logic for values \u003e= 2^24 and lacked masking for the mantissa, which\n  could lead to incorrect values being written to the SMC.\n\nFix these issues to ensure correct sensor registration and reliable\nmanual fan control.\n\nConfirm that the reported overflow in FIELD_PREP is fixed by declaring\nmacsmc_hwmon_write_f32() as __always_inline for a compile test."
    }
  ],
  "id": "CVE-2026-23323",
  "lastModified": "2026-03-25T15:41:33.977",
  "metrics": {},
  "published": "2026-03-25T11:16:29.250",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5dd69b864911ae3847365e8bafe7854e79fbeecb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/625ef35b70d3883fb9a41cd5a988e64dd3e447d6"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.