7.8

CVE-2026-23156

efivarfs: fix error propagation in efivar_entry_get()

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: fix error propagation in efivar_entry_get()

efivar_entry_get() always returns success even if the underlying
__efivar_entry_get() fails, masking errors.

This may result in uninitialized heap memory being copied to userspace
in the efivarfs_file_read() path.

Fix it by returning the error from __efivar_entry_get().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.0 < 6.1.162
LinuxLinux Kernel Version >= 6.2 < 6.6.123
LinuxLinux Kernel Version >= 6.7 < 6.12.69
LinuxLinux Kernel Version >= 6.13 < 6.18.9
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.021
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/3960f1754664661a970dc9ebbab44ff93a0b4c42
Patch
https://git.kernel.org/stable/c/4b22ec1685ce1fc0d862dcda3225d852fb107995
Patch
https://git.kernel.org/stable/c/510a16f1c5c1690b33504052bc13fbc2772c23f8
Patch
https://git.kernel.org/stable/c/89b8ca709eeeabcc11ebba64806677873a2787a8
Patch
https://git.kernel.org/stable/c/e4e15a0a4403c96d9898d8398f0640421df9cb16
Patch