CVE-2026-23094
Improper Sysfs Access in Linux uacce Causes System Crash
Publication date: 2026-02-04
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.7 (inc) to 6.12.68 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.8 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.3 (inc) to 6.6.122 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's uacce subsystem, which supports device isolation features. The issue arises because sysfs files are created if either the isolate_err_threshold_read or isolate_err_threshold_write callback functions are present. However, if a callback function does not actually exist and is accessed, it can cause the system to crash. The fix involves preventing the creation of sysfs files when neither callback function exists, and intercepting unsupported operations at the call site to avoid crashes.
How can this vulnerability impact me? :
This vulnerability can cause the system to crash if sysfs files are accessed when the corresponding callback functions are not implemented. Such crashes can lead to system instability, potential downtime, and disruption of services relying on the Linux kernel's uacce device isolation features.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know