CVE-2026-23194

Severity
7.8 HIGH
EPSS
0.0%
top 96.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 14

Description

In the Linux kernel, the following vulnerability has been resolved:

rust_binder: correctly handle FDA objects of length zero

Fix a bug where an empty FDA (fd array) object with 0 fds would cause an out-of-bounds error. The previous implementation used `skip == 0` to mean "this is a pointer fixup", but 0 is also the correct skip length for an empty FDA. If the FDA is at the end of the buffer, then this results in an attempt to write 8-bytes out of bounds. This is caught and results in an EINVAL

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD | linux/linux_kernel | 6.18 | 6.18.10 | +1
CVEListV5 | linux/linux | eafedbc7c050c44744fbdf80bdf3315e860b7513 | 598fe3ff32e43918ed8a062f55432b3d23e6340c | +2
Debian | linux | < 6.18.10-1

Patches

🔴 Vulnerability Details

3
CVEList
rust_binder: correctly handle FDA objects of length zero (2026-02-14)
OSV
CVE-2026-23194: In the Linux kernel, the following vulnerability has been resolved: rust_binder: correctly handle FDA objects of length zero Fix a bug where an empty (2026-02-14)
GHSA
GHSA-cgrj-w8m6-f297: In the Linux kernel, the following vulnerability has been resolved: rust_binder: correctly handle FDA objects of length zero Fix a bug where an empt (2026-02-14)

📋 Vendor Advisories

2
Red Hat
kernel: rust_binder: correctly handle FDA objects of length zero (2026-02-14)
Debian
CVE-2026-23194: linux - In the Linux kernel, the following vulnerability has been resolved: rust_binder... (2026)

🕵️ Threat Intelligence

1
Wiz
CVE-2026-23194 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23194 (HIGH CVSS 7.8) | In the Linux kernel | cvebase.io