CVE-2026-23323
Received - Intake
Out-of-Bounds Access in Linux macsmc-hwmon Driver Causes Data Corruption

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver

The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically:

- The voltage sensor population loop used the wrong prefix ("volt-" instead of "voltage-") and incorrectly assigned sensors to the temperature sensor array (hwmon->temp.sensors) instead of the voltage sensor array (hwmon->volt.sensors). This would lead to out-of-bounds memory access or data corruption when both temperature and voltage sensors were present.
- The float conversion in macsmc_hwmon_write_f32() had flawed exponent logic for values >= 2^24 and lacked masking for the mantissa, which could lead to incorrect values being written to the SMC.

Fix these issues to ensure correct sensor registration and reliable manual fan control.

Confirm that the reported overflow in FIELD_PREP is fixed by declaring macsmc_hwmon_write_f32() as __always_inline for a compile test.
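The float-conversion point above, as an added example that is not the kernel's code: an integer-only encoder for IEEE-754 binary32 that handles values >= 2^24 by shifting right and masks the mantissa so the implicit leading 1 cannot spill into the exponent field. The name `u32_to_f32_bits` and the choice to truncate rather than round are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define F32_MANT_BITS 23
#define F32_MANT_MASK 0x007FFFFFu  /* low 23 bits of the encoding */
#define F32_EXP_BIAS  127

/* Hypothetical helper: encode an unsigned integer as binary32 bits using
 * integer arithmetic only, truncating any bits that do not fit. */
static uint32_t u32_to_f32_bits(uint32_t v)
{
    uint32_t mant, exp, t;
    int msb = 0;

    if (v == 0)
        return 0;                         /* +0.0 */

    for (t = v; t >>= 1; )                /* index of the leading 1 bit */
        msb++;

    exp = (uint32_t)(F32_EXP_BIAS + msb);

    if (msb <= F32_MANT_BITS)
        mant = v << (F32_MANT_BITS - msb);  /* below 2^24: shift left */
    else
        mant = v >> (msb - F32_MANT_BITS);  /* 2^24 and above: shift right */

    /* Without this mask, bit 23 (the implicit 1) would be OR-ed into the
     * exponent field and change the encoded magnitude. */
    mant &= F32_MANT_MASK;

    return (exp << F32_MANT_BITS) | mant;
}

int main(void)
{
    /* Constructed sample values, all exactly representable as float. */
    const uint32_t samples[] = { 0, 1, 3, 5000, 1u << 24, 0x80000000u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        float f = (float)samples[i];
        uint32_t ref;
        memcpy(&ref, &f, sizeof(ref));    /* compiler's own encoding */
        printf("%10u -> 0x%08X (reference 0x%08X)\n", (unsigned)samples[i],
               (unsigned)u32_to_f32_bits(samples[i]), (unsigned)ref);
    }
    return 0;
}
```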
Meta Information
Published: 2026-03-25
Last Modified: 2026-04-23
Generated: 2026-05-07
AI Q&A: 2026-03-25
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 9 associated CPEs

| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.19.1 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 6.19 |
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's macsmc-hwmon driver, which is responsible for monitoring hardware sensors on Apple Silicon devices.

The driver had critical bugs in how it handled sensor data: it used the wrong prefix for voltage sensors and incorrectly assigned voltage sensors to the temperature sensor array. This caused out-of-bounds memory access or data corruption when both temperature and voltage sensors were present.

Additionally, the function responsible for converting floating-point values (macsmc_hwmon_write_f32) had flawed logic for handling large exponent values and lacked proper masking for the mantissa, which could result in incorrect values being written to the System Management Controller (SMC).

These issues were fixed to ensure correct sensor registration and reliable manual fan control.


How can this vulnerability impact me?

The vulnerability can lead to out-of-bounds memory access or data corruption in the hardware monitoring driver.

This could cause incorrect sensor readings, which may affect system monitoring and manual fan control on Apple Silicon devices running the affected Linux kernel.

Incorrect sensor data or corrupted memory could potentially lead to system instability or hardware overheating if fan control is compromised.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by correcting the macsmc-hwmon driver in the Linux kernel. Immediate mitigation involves updating the Linux kernel to a version that includes the fix for the macsmc-hwmon driver bugs.

Specifically, the fix addresses incorrect sensor population logic and float conversion routines in the Apple Silicon SMC hwmon driver, preventing out-of-bounds memory access and data corruption.

