Linux kernel efivarfs: Uninitialized heap copy from error masking
CVE-2026-23156 Published on February 14, 2026
efivarfs: fix error propagation in efivar_entry_get()
In the Linux kernel, the following vulnerability has been resolved:
efivarfs: fix error propagation in efivar_entry_get()
efivar_entry_get() always returns success even if the underlying
__efivar_entry_get() fails, masking errors.
This may result in uninitialized heap memory being copied to userspace
in the efivarfs_file_read() path.
Fix it by returning the error from __efivar_entry_get().
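The failure mode described above, as a user-space C model added here for illustration (it is not the kernel's source). The names inner_get, get_masked, get_fixed and model_read are hypothetical, and the 0xAA fill is a constructed stand-in for stale heap contents so the effect is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for the inner getter: on failure it leaves buf and *size untouched. */
static int inner_get(int fail, unsigned long *size, unsigned char *buf)
{
    if (fail)
        return -5; /* -EIO */
    memcpy(buf, "OK", 2);
    *size = 2;
    return 0;
}

/* Error masking as the advisory describes it: the inner result is dropped. */
static int get_masked(int fail, unsigned long *size, unsigned char *buf)
{
    (void)inner_get(fail, size, buf);
    return 0;
}

/* Fixed pattern: the inner result reaches the caller. */
static int get_fixed(int fail, unsigned long *size, unsigned char *buf)
{
    return inner_get(fail, size, buf);
}

/* Read-path model: returns bytes copied out to `user`, or a negative error. */
static long model_read(int fixed, int fail, unsigned char *user, size_t len)
{
    unsigned long size = len;
    unsigned char *data = malloc(len);
    if (!data)
        return -12; /* -ENOMEM */
    memset(data, 0xAA, len); /* constructed marker for stale heap contents */
    long ret = fixed ? get_fixed(fail, &size, data) : get_masked(fail, &size, data);
    if (ret == 0) { /* trusts the wrapper's return value */
        memcpy(user, data, size);
        ret = (long)size;
    }
    free(data);
    return ret;
}

int main(void)
{
    unsigned char u[8] = {0};
    printf("masked=%ld fixed=%ld\n", model_read(0, 1, u, 8), model_read(1, 1, u, 8));
    return 0;
}
```

With the masked wrapper, a failed inner call still reports success, so the caller copies out the full buffer of marker bytes; with the fixed wrapper the error is returned and nothing is copied.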
Products Associated with CVE-2026-23156
Linux Kernel
Affected Versions
Linux:
- From commit 2d82e6227ea189c0589e7383a36616ac2a2d248c up to, but not including, commit 3960f1754664661a970dc9ebbab44ff93a0b4c42 is affected.
- From commit 2d82e6227ea189c0589e7383a36616ac2a2d248c up to, but not including, commit 510a16f1c5c1690b33504052bc13fbc2772c23f8 is affected.
- From commit 2d82e6227ea189c0589e7383a36616ac2a2d248c up to, but not including, commit 89b8ca709eeeabcc11ebba64806677873a2787a8 is affected.
- From commit 2d82e6227ea189c0589e7383a36616ac2a2d248c up to, but not including, commit e4e15a0a4403c96d9898d8398f0640421df9cb16 is affected.
- From commit 2d82e6227ea189c0589e7383a36616ac2a2d248c up to, but not including, commit 4b22ec1685ce1fc0d862dcda3225d852fb107995 is affected.
- Version 6.0 is affected.
- Versions before 6.0 are unaffected.
- Versions 6.1.162 through 6.1.* are unaffected.
- Versions 6.6.123 through 6.6.* are unaffected.
- Versions 6.12.69 through 6.12.* are unaffected.
- Versions 6.18.9 through 6.18.* are unaffected.
- Version 6.19 and later is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.