CVE-2026-23178

N/A Unknown

📋 TL;DR

A buffer overflow vulnerability exists in the Linux kernel's i2c-hid driver where the i2c_hid_get_report() function can read more data than allocated in the buffer. This could allow local attackers with root access to cause kernel crashes or potentially execute arbitrary code. Only systems with hidraw devices accessible to root users are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel builds before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with i2c-hid devices and hidraw driver usage. Root access required to access hidraw devices.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic or system crash due to buffer overflow, causing denial of service.

🟢

If Mitigated

No impact since access requires root privileges and proper access controls prevent unauthorized hidraw access.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring root access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers with root access could exploit this, but root access already provides extensive system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires root access to trigger the buffer overflow through hidraw interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 2124279f1f8c32c1646ce98e75a1a39b23b7db76, 2497ff38c530b1af0df5130ca9f5ab22c5e92f29, 786ec171788bdf9dda38789163f1b1fbb47f2d1e, cff3f619fd1cb40cdd89971df9001f075613d219, f9c9ad89d845f88a1509e9d672f65d234425fde9

Vendor Advisory: https://git.kernel.org/stable/c/2124279f1f8c32c1646ce98e75a1a39b23b7db76

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to the patched version from your distribution's repositories.
  2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Restrict hidraw device access

Linux

Restrict the hidraw device nodes so that only the root user can open them. Note that file permissions and ACLs do not constrain a process that already runs as root; this limits who can reach the vulnerable path, not what root can do.

chmod 600 /dev/hidraw*
setfacl -m u:root:rw /dev/hidraw*
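An added audit helper (not part of this CVE entry) that lists each hidraw node, the driver backing it (read from the sysfs driver symlink) and its permission mode, and returns non-zero if any node is group- or world-accessible; the sysfs and /dev roots are assumed parameters so the check can also be run against a staged tree:

```shell
#!/bin/sh
# Audit hidraw device nodes after applying the chmod/setfacl workaround.
# Prints "node driver mode" per hidraw device. Returns 1 if any node has
# permission bits set for group or other (i.e. non-root processes can open it).
# Arguments (assumed, for testability): sysfs class dir and device dir;
# defaults are the live system paths.
audit_hidraw() {
    sysfs_root="${1:-/sys/class/hidraw}"
    dev_root="${2:-/dev}"
    rc=0
    for entry in "$sysfs_root"/hidraw*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry")
        # The backing HID driver is exposed as a symlink at .../device/driver
        # (for i2c-hid devices this resolves to e.g. i2c_hid_acpi or i2c_hid_of).
        driver=$(basename "$(readlink -f "$entry/device/driver" 2>/dev/null)" 2>/dev/null)
        [ -n "$driver" ] || driver="unknown"
        node="$dev_root/$name"
        if [ -e "$node" ]; then
            mode=$(stat -c '%a' "$node")
        else
            mode="missing"
        fi
        echo "$node $driver $mode"
        # Octal mode ending in 00 means only the owner (root) has any access.
        case "$mode" in
            missing) ;;
            ?00) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}
```

Run it without arguments on the live system; a non-zero exit means at least one hidraw node is still reachable by non-root users.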

🧯 If You Can't Patch

  • Restrict access to hidraw devices to only essential users
  • Monitor system logs for kernel panic or crash events

🔍 How to Verify

Check if Vulnerable:

Check the running kernel version against your distribution's security advisories for the i2c-hid fixes

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel includes the fix commits, or run 'modinfo i2c_hid' to inspect the module's version information

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • System crash/reboot events
  • OOM killer activity

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault")
