CVE-2026-23327 — Improper Validation of Specified Quantity in Input in Linux
Severity: 7.1 HIGH (no vector)
EPSS: 0.0% (top 93.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
cxl_payload_from_user_allowed() casts and dereferences the input
payload without first verifying its size. When a raw mailbox command
is sent with an undersized payload (i.e. 1 byte for CXL_MBOX_OP_CLEAR_LOG,
which expects a 16-byte UUID), uuid_equal() reads past the allocated buffer,
triggering a KASAN splat:
BUG: KASAN: slab-out-of-b…
Affected Packages (3 packages)
CVEListV5: linux/linux 6179045ccc0c6229dc449afc1701dc7fbd40571f — 7c8a7b7f063b7e7ae9bba4cbaa14a5d2fe3a55e1 (+2)
Vulnerability Details (4)
GHSA (2026-03-25): GHSA-2pc8-ghgj-6c2f: In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_use
OSV (2026-03-25): cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
OSV (2026-03-25): CVE-2026-23327: In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user
CVEList (2026-03-25): cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Vendor Advisories (3)
Red Hat (2026-03-25): kernel: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Microsoft (2026-03-10): cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
Debian (2026): CVE-2026-23327: linux - In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: v...