CVE-2026-23317

Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that returned an error code with the pointer becoming an out parameter.

The error path when the lookup failed was not changed to reflect this change and the code continued to return the PTRERR of the now uninitialized pointer. This could cause the vmwtranslate_ptr functions to return success when they actually failed causing further uninitialized and OOB accesses.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23317.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7ac9578e45b20e3f3c0c8eb71f5417a499a7226a

Fixed

ce3a5cf139787c186d5d54336107298cacaad2b9

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a309c7194e8a2f8bd4539b9449917913f6c2cd50

Fixed

7e55d0788b362c93660b80cc5603031bbbdefa98

Fixed

36cb28b6d303a81e6ed4536017090e85e0143e42

Fixed

531f45589787799aa81b63e1e1f8e71db5d93dd1

Fixed

149f028772fa2879d9316b924ce948a6a0877e45

Fixed

5023ca80f9589295cb60735016e39fc5cc714243

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23317.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.167

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.130

Fixed

6.12.77

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.18.17

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.19.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23317.json"