CVE-2026-23007 — Use of Uninitialized Resource in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 94.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 25
Description
In the Linux kernel, the following vulnerability has been resolved:
block: zero non-PI portion of auto integrity buffer
The auto-generated integrity buffer for writes needs to be fully
initialized before being passed to the underlying block device,
otherwise the uninitialized memory can be read back by userspace or
anyone with physical access to the storage device. If protection
information is generated, that portion of the integrity buffer is
already initialized. The integrity data is also ze…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (5 packages)
CVEListV5: linux/linux, c546d6f438338017480d105ab597292da67f6f6a — d6072557b90e0c557df319a56f4a9dc482706d2c (+2)
Patches
Vulnerability Details (3)
OSV: CVE-2026-23007 (2026-01-25)
GHSA: GHSA-2mvm-xgm9-r324 (2026-01-25)