PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23346 Linux CVE debrief

A vulnerability was found in the Linux kernel, specifically affecting the arm64 architecture. The issue arises from the ioremap_prot() function, which is used to create a kernel mapping of a physical address with specific protection flags. The function was incorrectly returning a user mapping, leading to a fault when accessed from the kernel. This could potentially allow a local attacker to access sensitive information or cause a denial of service.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-06-09
Advisory published
2026-03-25
Advisory updated
2026-06-09

Who should care

Users of the Linux kernel on arm64 architecture should be aware of this vulnerability. Specifically, those using kernel versions between 6.0.1 and 6.18.17, 6.19 and 6.19.7, or 7.0 rc1 through rc7 are affected.

Technical summary

The vulnerability is caused by the ioremap_prot() function incorrectly extracting the memory type from a user 'pgprot_t' value. This results in a new user mapping being returned, which faults when accessed from the kernel. To fix this, the function was modified to extract only the memory type from the user 'pgprot_t' and assert that a user mapping is being passed.

Defensive priority

Medium

Recommended defensive actions

  • Apply the patches provided by the Linux kernel maintainers [ref-4], [ref-5], [ref-6].
  • Update to a kernel version that includes the fix, such as Linux kernel version 6.18.18 or later, 6.19.8 or later, or 7.0 rc8 or later.

Evidence notes

The CVE was published on March 25, 2026, and last modified on June 9, 2026. The vulnerability has a CVSS score of 5.5 and is classified as MEDIUM severity.

Official resources

CVE-2026-23346 was published on 2026-03-25T11:16:32.767Z and last modified on 2026-06-09T11:16:49.857Z.