CVE-2026-23346: Type Confusion in Linux

CWE-843: Type Confusion (9 documents, 8 sources)
Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 94.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: io: Extract user memory type in ioremap_prot()

The only caller of ioremap_prot() outside of the generic ioremap() implementation is generic_access_phys(), which passes a 'pgprot_t' value determined from the user mapping of the target 'pfn' being accessed by the kernel. On arm64, the 'pgprot_t' contains all of the non-address bits from the pte, including the permission controls, and so we end up returning a new user mapp

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.0.0 | 6.18.17 | +1
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | 893dea9ccd08dab924839354aba21d4ed7a9abc0 | 3d64dcc0799c2d6921ba027716b7be721eb19fa8 | +3

🔴 Vulnerability Details (4)

GHSA | GHSA-xqp7-9gqv-6978: In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremap_prot() The only caller of ioremap | 2026-03-25
CVEList | arm64: io: Extract user memory type in ioremap_prot() | 2026-03-25
OSV | arm64: io: Extract user memory type in ioremap_prot() | 2026-03-25
OSV | CVE-2026-23346: In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremap_prot() The only caller of ioremap_p | 2026-03-25

📋 Vendor Advisories (3)

Red Hat | kernel: arm64: io: Extract user memory type in ioremap_prot() | 2026-03-25
Microsoft | arm64: io: Extract user memory type in ioremap_prot() | 2026-03-10
Debian | CVE-2026-23346: linux - In the Linux kernel, the following vulnerability has been resolved: arm64: io: ... | 2026

🕵️ Threat Intelligence (1)

Wiz | CVE-2026-23346 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23346 — Type Confusion in Linux | cvebase