Description
In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains

Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().
Published: 2026-02-14
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Out‑of‑Bounds Access
Action: Patch
AI Analysis

Impact

The kernel contains an out‑of‑range memory read in the IMX8M block controller removal routine, which can cause the kernel to access invalid memory. Such an access can lead to a crash or, in the worst case, provide an attacker with a vector for memory corruption. The flaw represents a typical bounds checking failure (CWE‑125).

Affected Systems

All Linux kernel releases that include the imx8m_blk_ctrl driver prior to the applied fix are affected. The vulnerability applies to kernel versions 6.19-rc1 through 6.19-rc8 and to any build matching the generic Linux kernel identifier. Unpatched kernels that load the block controller module are vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates a high impact if successfully exploited. The EPSS score is below 1%, suggesting that active exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack requires a user with kernel module load or remove privileges, implying a local or privileged exploit. An attacker with sufficient privileges could trigger the fault by removing the block controller module, which could lead to a denial of service or, in a more advanced scenario, memory corruption.

Generated by OpenCVE AI on April 18, 2026 at 12:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest stable kernel release that contains the fix for imx8m_blk_ctrl.
  • If an immediate kernel upgrade is not possible, disable or prevent unloading of the imx8m_blk_ctrl module until the fix is available.
  • Consider blacklisting the imx8m_blk_ctrl module to prevent it from auto-loading on systems where it is not required, until the kernel patch is applied.

Generated by OpenCVE AI on April 18, 2026 at 12:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4499-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6141-1 linux security update
Debian DSA Debian DSA DSA-6163-1 linux security update
History

Thu, 19 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Sat, 14 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().
Title pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T16:27:16.200Z

Reserved: 2026-01-13T15:37:45.985Z

Link: CVE-2026-23187

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T17:15:56.490

Modified: 2026-03-19T18:04:36.990

Link: CVE-2026-23187

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23187 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:15:15Z

Weaknesses