CVE-2026-23346
Kernel Memory Access Fault in arm64 ioremap_prot() Function
Publication date: 2026-03-25
Last updated on: 2026-04-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.0.1 (inc) to 6.18.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's arm64 architecture related to the function ioremap_prot(). The issue arises because the function incorrectly handles the 'pgprot_t' value, which contains permission controls and other non-address bits from the page table entry (pte). Specifically, the function returns a new user memory mapping that causes faults when accessed from the kernel on systems with PAN (Privileged Access Never) enabled.
The vulnerability is fixed by extracting only the memory type from the user 'pgprot_t' in ioremap_prot() and ensuring that the mapping passed is indeed a user mapping. This prevents kernel faults caused by improper permission handling and protects against future changes that might require additional handling.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to fault or crash when it attempts to access certain user memory mappings incorrectly on arm64 systems with PAN enabled. This can lead to system instability or denial of service due to kernel read faults from unreadable memory.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as a kernel fault when accessing certain memory mappings on arm64 systems with PAN enabled. Specifically, you may observe kernel error messages similar to:
- Unable to handle kernel read from unreadable memory at virtual address ffff80008ea89000
- Call trace involving __memcpy_fromio, generic_access_phys, and related functions
To detect this issue, monitor your system logs (e.g., using dmesg or journalctl) for such kernel faults or call traces related to ioremap_prot() or generic_access_phys().
There are no specific commands provided in the available information to directly detect this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by modifying the Linux kernel to correctly extract only the memory type from the user 'pgprot_t' in ioremap_prot() and by asserting that the mapping is a user mapping.
Immediate mitigation steps include updating your Linux kernel to a version that contains this fix.
No other specific mitigation steps or workarounds are provided in the available information.