Login Sign Up

CVE-2026-23156

N/A Unknown

📋 TL;DR

A Linux kernel vulnerability in the efivarfs subsystem where efivar_entry_get() fails to properly propagate errors from __efivar_entry_get(). This allows uninitialized heap memory to be copied to userspace via efivarfs_file_read(), potentially leaking sensitive kernel memory. Systems running affected Linux kernel versions with efivarfs enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE description, but patches exist in stable kernel trees.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires efivarfs to be mounted and accessible. Typically only accessible to root or privileged users.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory information disclosure leading to privilege escalation or system compromise if combined with other vulnerabilities.

🟠

Likely Case

Information disclosure of kernel memory contents, potentially exposing sensitive data like encryption keys or memory addresses.

🟢

If Mitigated

Minimal impact with proper access controls limiting efivarfs access to privileged users only.

🌐 Internet-Facing: LOW - Requires local access to the system and specific permissions to access efivarfs.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to gather kernel memory information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to read from efivarfs, typically requiring elevated privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel versions referenced in the git commits

Vendor Advisory: https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution vendor. 2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Restrict efivarfs access

Linux

Limit access to efivarfs filesystem to prevent exploitation

chmod 600 /sys/firmware/efi/efivars/*
mount -o remount,noexec,nosuid /sys/firmware/efi/efivars

🧯 If You Can't Patch

  • Implement strict access controls on efivarfs directories
  • Monitor for unusual access patterns to efivarfs files

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if efivarfs is accessible. Vulnerable if running unpatched kernel with efivarfs mounted.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to a patched version and test efivarfs functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual read operations on efivarfs files by non-privileged users
  • Kernel oops or warnings related to efivarfs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

process.name="cat" AND file.path="/sys/firmware/efi/efivars/*" AND user.name!="root"

📊 Metadata

CVE ID: CVE-2026-23156
CVSS v3 Score: N/A (Unknown)
Published: February 14, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON