Login Sign Up

CVE-2026-23222

N/A Unknown
Buffer Overflow

📋 TL;DR

A memory allocation vulnerability in the Linux kernel's OMAP crypto driver causes scatterlist arrays to be allocated 4x smaller than required. This leads to buffer overflow conditions when processing cryptographic operations. Systems using affected Linux kernel versions with OMAP crypto functionality are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with OMAP crypto driver
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with OMAP hardware using the vulnerable crypto driver. Most modern systems may not use OMAP architecture.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution at kernel level.

🟠

Likely Case

System instability, kernel panics, or denial of service when cryptographic operations are performed on affected hardware.

🟢

If Mitigated

Minimal impact if OMAP crypto functionality is disabled or not in use.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger cryptographic operations on affected hardware.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering cryptographic operations on affected hardware. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 2ed27b5a1174351148c3adbfc0cd86d54072ba2e, 6edf8df4bd29f7bfd245b67b2c31d905f1cfc14b, c184341920ed78b6466360ed7b45b8922586c38f, or d1836c628cb72734eb5f7dfd4c996a9c18bba3ad

Vendor Advisory: https://git.kernel.org/stable/c/2ed27b5a1174351148c3adbfc0cd86d54072ba2e

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Rebuild kernel if compiling from source. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable OMAP crypto module

linux

Prevent loading of the vulnerable OMAP crypto driver

echo 'blacklist omap_crypto' >> /etc/modprobe.d/blacklist-omap.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Disable OMAP crypto functionality if not required
  • Restrict access to systems to prevent local exploitation

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if OMAP crypto module is loaded: lsmod | grep omap_crypto

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains fix commits and OMAP crypto module loads without errors

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • segmentation faults in kernel logs
  • crypto operation failures

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "segfault" OR "omap_crypto")

📊 Metadata

CVE ID: CVE-2026-23222
CVSS v3 Score: N/A (Unknown)
Published: February 18, 2026
Last Updated: February 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON