CVE-2026-23194

N/A Unknown

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's Binder IPC subsystem allows specially crafted empty file descriptor array objects to trigger out-of-bounds writes. This affects Linux systems using the Binder IPC mechanism, primarily Android devices and Linux systems with Binder enabled.

💻 Affected Systems

Products:
  • Linux kernel with Binder IPC support
Versions: Kernel versions with vulnerable rust_binder implementation (specific commit range not specified in CVE)
Operating Systems: Linux distributions with Binder enabled, Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Binder IPC is enabled and used. Android devices are particularly affected as Binder is core to Android IPC.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory corruption leading to privilege escalation, denial of service, or arbitrary code execution in kernel context.

🟠 Likely Case: Kernel panic or system crash resulting in denial of service, with potential for privilege escalation in sophisticated attacks.

🟢 If Mitigated: EINVAL error returned to userspace preventing exploitation, but still represents a kernel bug that could be leveraged.

🌐 Internet-Facing: LOW - Requires local access or compromised application to exploit.
🏢 Internal Only: MEDIUM - Local attackers or malicious applications could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to craft specific Binder IPC calls. The bug was discovered through code analysis rather than active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 598fe3ff32e43918ed8a062f55432b3d23e6340c and 8f589c9c3be539d6c2b393c82940c3783831082f applied

Vendor Advisory: https://git.kernel.org/stable/c/598fe3ff32e43918ed8a062f55432b3d23e6340c

Restart Required: Yes

Instructions:

  1. Update Linux kernel to patched version.
  2. For Android devices, wait for vendor security update.
  3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable Binder IPC if not needed

Linux

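Remove or disable the Binder kernel module if it is not required for system functionality. This applies only where Binder is built as a loadable module; a Binder driver compiled into the kernel cannot be unloaded with modprobe.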

modprobe -r binder
echo 'blacklist binder' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict access to Binder IPC to trusted applications only
  • Implement strict SELinux/AppArmor policies to limit Binder usage

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if Binder is enabled: 'lsmod | grep binder' and 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel source includes the fix commits: 'git log --format=%H | grep -E "^(598fe3ff32e4|8f589c9c3be5)"' in the kernel source tree

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • EINVAL errors from Binder subsystem in dmesg
  • Out-of-bounds memory access warnings

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("binder" AND ("EINVAL" OR "out of bounds" OR "panic"))
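
A local equivalent of the SIEM query above for triaging dmesg or journal output, as an added example that is not part of the original advisory. The function names and sample log lines are constructed for illustration; matching a numeric -22 (the Linux value of EINVAL) goes beyond the page's query terms, on the assumption that the driver may log the errno as a number.

```shell
#!/bin/sh
# Added example: classify kernel log lines that mention Binder, using the
# terms of the SIEM query above. Reads log text on stdin.
# Typical use on a host:  dmesg | binder_log_hits

# Print "<TAG><TAB><line>" for every line that mentions binder and one of
# the indicators. TAG is OOB, PANIC or EINVAL.
binder_log_hits() {
    awk '
    {
        l = tolower($0)
        # The query requires the word binder on the line.
        if (index(l, "binder") == 0) next
        # Assumption beyond the query: also accept "out-of-bounds" (as in
        # KASAN reports) and an errno logged numerically as -22.
        if (index(l, "out of bounds") || index(l, "out-of-bounds")) {
            tag = "OOB"
        } else if (index(l, "panic")) {
            tag = "PANIC"
        } else if (index(l, "einval") || l ~ /-22([^0-9]|$)/) {
            tag = "EINVAL"
        } else {
            next
        }
        print tag "\t" $0
    }'
}

# Count the hits for one tag, e.g.  dmesg | binder_log_count EINVAL
binder_log_count() {
    binder_log_hits | awk -F '\t' -v t="$1" '$1 == t { n++ } END { print n + 0 }'
}

# Constructed sample lines, not captured from a real system.
sample_log() {
    cat <<'EOF'
[  101.000001] binder: 1234:1234 ioctl c0306201 7ffd1000 returned -22
[  102.000002] usb 1-1: new high-speed USB device number 2
[  103.000003] BUG: KASAN: slab-out-of-bounds in binder transaction path
[  104.000004] Kernel panic - not syncing: binder worker fault
[  105.000005] foo_driver: request failed: EINVAL
[  106.000006] binder: 4321:4321 transaction failed, EINVAL
EOF
}
```

A steady stream of EINVAL hits from a single process is the signal worth correlating with the package or UID that owns it; isolated hits are common from ordinary client bugs.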
