CVE-2026-23236 PUBLISHED

fbdev: smscufx: properly copy ioctl memory to kernelspace

Assigner: Linux
Reserved: 13.01.2026 Published: 04.03.2026 Updated: 04.03.2026

In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: properly copy ioctl memory to kernelspace

The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid data is passed from userspace. Fix this all up by correctly copying the memory before accessing it within the kernel.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 061cfeb560aa3ddc174153dbe5be9d0b55eb7248 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 6167af934f956d3ae1e06d61f45cd0d1004bbe1a (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to a0321e6e58facb39fe191caa0e52ed9aab6a48fe (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 0634e8d650993602fc5b389ff7ac525f6542e141 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 52917e265aa5f848212f60fc50fc504d8ef12866 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 1c008ad0f0d1c1523902b9cdb08e404129677bfc (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to f1e91bd4efeae48b0f42caed7e8ce2e3a0d05b02 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 120adae7b42faa641179270c067864544a50ab69 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 5.10.251 to 5.10.* (incl.)
  • unaffected from 5.15.201 to 5.15.* (incl.)
  • unaffected from 6.1.164 to 6.1.* (incl.)
  • unaffected from 6.6.127 to 6.6.* (incl.)
  • unaffected from 6.12.74 to 6.12.* (incl.)
  • unaffected from 6.18.13 to 6.18.* (incl.)
  • unaffected from 6.19.3 to 6.19.* (incl.)
  • unaffected from 7.0-rc1 to * (incl.)

References