Description
In the Linux kernel, the following vulnerability has been resolved:

efivarfs: fix error propagation in efivar_entry_get()

efivar_entry_get() always returns success even if the underlying
__efivar_entry_get() fails, masking errors.

This may result in uninitialized heap memory being copied to userspace
in the efivarfs_file_read() path.

Fix it by returning the error from __efivar_entry_get().
Published: 2026-02-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The Linux kernel efivarfs implementation returned success even when an internal lookup failed, allowing the read path to copy uninitialized heap memory into userspace. An attacker who can read efivarfs entries could thus learn kernel data that should not be exposed. This flaw is a classic case of information exposure, identified as CWE-200.

Affected Systems

All Linux kernel releases containing the buggy efivarfs code are vulnerable, including kernel 6.19 release candidates up to rc7 as shown by the CPE list. Systems running any unpatched kernel may therefore expose kernel memory contents through the /sys/firmware/efi/efivars interface.

Risk and Exploitability

With a CVSS score of 7.8 the vulnerability is classified as high severity, but its EPSS score of <1% indicates exploitation is currently unlikely. The flaw is local, requiring read access to efivarfs, which is normally restricted to privileged users. If the filesystem is mounted with broader permissions or an attacker gains such read access, sensitive kernel data could be leaked. The vulnerability is not listed in the CISA KEV catalog and no active exploit is documented.

Generated by OpenCVE AI on April 18, 2026 at 12:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the efivarfs error‑propagation patch.
  • Ensure /sys/firmware/efi/efivars is mounted with restrictive permissions so that only privileged users can read it.
  • If a kernel upgrade cannot be applied immediately, change the ownership or file mode of /sys/firmware/efi/efivars to prevent unprivileged read access.

Generated by OpenCVE AI on April 18, 2026 at 12:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-457

Wed, 18 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Sat, 14 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory being copied to userspace in the efivarfs_file_read() path. Fix it by returning the error from __efivar_entry_get().
Title efivarfs: fix error propagation in efivar_entry_get()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T16:01:23.215Z

Reserved: 2026-01-13T15:37:45.978Z

Link: CVE-2026-23156

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T16:15:55.760

Modified: 2026-03-18T14:40:43.860

Link: CVE-2026-23156

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23156 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:30:45Z

Weaknesses