CVE-2026-23235

CWE-125 Out-of-bounds Read
8 documents, 8 sources
Severity: 7.1 HIGH
EPSS: 0.0% (top 96.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 4, latest update Mar 10

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix out-of-bounds access in sysfs attribute read/write

Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example:

    vm:~# echo 65537 > /sys/fs/f2fs/vde/carve_out
    vm:~# cat /sys/fs/f2fs/vde/carve_out
    65537
    vm:~# echo 4294967297 > /sys/fs/f2fs/vde/atgc_age_threshold
    vm:~# cat /sys/fs/f2fs/vde/atgc_age_threshold
    1

carve_out maps to {str

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

NVD  linux/linux_kernel  3.12  5.10.251  +6
CVEListV5  linux/linux  b59d0bae6ca30c496f298881616258f9cde0d9c6  e85a99db9ab85dfc30d93b0ca0e9156f3127f55a  +8
Debian  linux  < 5.10.251-1  +3
Debian  linux-6.1  < 6.1.164-1~deb11u1

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-39w6-g297-pmf5: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs att (2026-03-04)
OSV: CVE-2026-23235: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attri (2026-03-04)
CVEList: f2fs: fix out-of-bounds access in sysfs attribute read/write (2026-03-04)

📋 Vendor Advisories (3)

Microsoft: f2fs: fix out-of-bounds access in sysfs attribute read/write (2026-03-10)
Red Hat: kernel: f2fs: fix out-of-bounds access in sysfs attribute read/write (2026-03-04)
Debian: CVE-2026-23235: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix o... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23235 Impact, Exploitability, and Mitigation Steps | Wiz