Login Sign Up

CVE-2026-23187

N/A Unknown

📋 TL;DR

This CVE describes an out-of-bounds memory access vulnerability in the Linux kernel's imx8m-blk-ctrl power management domain driver. The flaw occurs during device removal when accessing the 'domains' array beyond its allocated bounds, potentially leading to kernel memory corruption. This affects systems running vulnerable Linux kernel versions with the imx8m-blk-ctrl driver enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description, but patches exist in stable kernel trees.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the imx8m-blk-ctrl driver enabled (typically i.MX8M-based systems).

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential privilege escalation if an attacker can trigger the vulnerable code path and manipulate memory corruption to execute arbitrary code.

🟠

Likely Case

System instability, kernel crashes, or denial of service when the affected driver's remove function is called during device hot-unplug or system shutdown.

🟢

If Mitigated

No impact if the vulnerable code path is not triggered or if the system doesn't use the affected driver.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring local access to trigger.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the vulnerability, leading to system instability or crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to trigger the vulnerable code path during device removal. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits: 071159ff5c0b, 4390dcdabb5f, 6bd8b4a92a90, 7842b5dfcac8, eb54ce033b34)

Vendor Advisory: https://git.kernel.org/stable/c/071159ff5c0bf2e5efff79501e23faf3775cbcd1

Restart Required: Yes

Instructions:

1. Update to a patched Linux kernel version containing the fix commits. 2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable imx8m-blk-ctrl driver

Linux

Prevent loading of the vulnerable driver module if not required.

echo 'blacklist imx8m_blk_ctrl' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

  • Avoid hot-unplugging devices that use the imx8m-blk-ctrl driver
  • Implement strict access controls to limit who can trigger device removal operations

🔍 How to Verify

Check if Vulnerable:

Check if the imx8m_blk_ctrl module is loaded: 'lsmod | grep imx8m_blk_ctrl'. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify the kernel version includes the fix commits or is newer than the patched versions. Check dmesg for absence of related crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Oops messages in dmesg
  • System crash logs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

search 'kernel panic' OR 'Oops' OR 'general protection fault' in system logs

📊 Metadata

CVE ID: CVE-2026-23187
CVSS v3 Score: N/A (Unknown)
Published: February 14, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON