Login Sign Up

CVE-2026-23196

N/A Unknown

📋 TL;DR

A Linux kernel vulnerability in the Intel THC HID driver could allow local attackers to cause a kernel panic or potentially execute arbitrary code by triggering a NULL pointer dereference when reading DMA buffers without proper safety checks. This affects systems using Intel Touch Host Controller hardware with vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel with Intel THC HID driver enabled
Versions: Kernel versions before the fix commits (1e84a807c98a71f767fd1f609637bc5944f916cb and a9a917998d172ec117f9e9de1919174153c0ace4)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if Intel Touch Host Controller hardware is present and the intel-thc-hid driver is loaded/enabled.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, denial of service, or potential privilege escalation to kernel-level code execution.

🟠

Likely Case

Local denial of service through kernel panic or system crash when accessing the vulnerable driver.

🟢

If Mitigated

No impact if patched or if Intel THC hardware is not present/used.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to crash systems or potentially gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of driver interaction. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 1e84a807c98a71f767fd1f609637bc5944f916cb and a9a917998d172ec117f9e9de1919174153c0ace4

Vendor Advisory: https://git.kernel.org/stable/c/1e84a807c98a71f767fd1f609637bc5944f916cb

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load patched kernel. 3. Verify driver is no longer vulnerable.

🔧 Temporary Workarounds

Disable Intel THC HID driver

Linux

Prevent loading of vulnerable driver module if Intel THC hardware is not needed

echo 'blacklist intel-thc-hid' >> /etc/modprobe.d/blacklist-intel-thc.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Restrict local user access to systems with Intel THC hardware
  • Implement strict privilege separation and monitor for suspicious local activity

🔍 How to Verify

Check if Vulnerable:

Check if intel-thc-hid module is loaded: lsmod | grep intel-thc-hid AND check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and intel-thc-hid module loads without errors

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • NULL pointer dereference errors in dmesg
  • Driver crash messages

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer" OR "kernel panic" OR "intel-thc")

📊 Metadata

CVE ID: CVE-2026-23196
CVSS v3 Score: N/A (Unknown)
Published: February 14, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON