Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver

The recently added macsmc-hwmon driver contained several critical
bugs in its sensor population logic and float conversion routines.

Specifically:
- The voltage sensor population loop used the wrong prefix ("volt-"
instead of "voltage-") and incorrectly assigned sensors to the
temperature sensor array (hwmon->temp.sensors) instead of the
voltage sensor array (hwmon->volt.sensors). This would lead to
out-of-bounds memory access or data corruption when both temperature
and voltage sensors were present.
- The float conversion in macsmc_hwmon_write_f32() had flawed exponent
logic for values >= 2^24 and lacked masking for the mantissa, which
could lead to incorrect values being written to the SMC.

Fix these issues to ensure correct sensor registration and reliable
manual fan control.

Confirm that the reported overflow in FIELD_PREP is fixed by declaring
macsmc_hwmon_write_f32() as __always_inline for a compile test.
Published: 2026-03-25
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption via out‑of‑bounds sensor registration and incorrect float writes
Action: Immediate Patch
AI Analysis

Impact

A regression in the Linux kernel's Apple Silicon SMC hardware‑monitor driver caused the voltage sensor population loop to use an incorrect prefix and to misplace voltage sensors into the temperature sensor array, triggering out‑of‑bounds memory accesses or data corruption when both sensor types were present. Additionally, the float conversion routine contained flawed exponent logic for large values and omitted mantissa masking, leading to incorrect values written to the SMC. These flaws could allow an attacker to corrupt kernel memory or supply inaccurate fan‑control data, potentially affecting system stability or enabling privilege escalation.
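
An added example (not the kernel driver's code) of an integer-to-IEEE-754 binary32 encoding that handles the two float-conversion points named above: values at or above 2^24 must be shifted right to fit the 23-bit mantissa field, and the implicit leading 1 must be masked off before the fields are combined. The function names are illustrative; the input is assumed unsigned, and excess low bits are truncated rather than rounded.

```c
#include <stdint.h>
#include <string.h>

#define F32_MANT_BITS 23
#define F32_MANT_MASK 0x007FFFFFu
#define F32_EXP_BIAS  127

/* Position of the highest set bit (0..31); val must be non-zero. */
static int top_bit(uint32_t val)
{
    int pos = 0;

    while ((val >>= 1) != 0)
        pos++;
    return pos;
}

/* Encode an unsigned integer as IEEE-754 binary32 bits (truncating). */
uint32_t u32_to_f32_bits(uint32_t val)
{
    uint32_t mant;
    int msb;

    if (val == 0)
        return 0;                        /* +0.0 */

    msb = top_bit(val);                  /* unbiased exponent */
    if (msb > F32_MANT_BITS)             /* val >= 2^24: drop low bits */
        mant = val >> (msb - F32_MANT_BITS);
    else                                 /* val < 2^24: align to bit 23 */
        mant = val << (F32_MANT_BITS - msb);

    /* Bit 23 is the implicit leading 1 and is not stored; clear it so
     * it cannot overlap the exponent field. */
    mant &= F32_MANT_MASK;
    return ((uint32_t)(msb + F32_EXP_BIAS) << F32_MANT_BITS) | mant;
}

/* Reference: let the compiler convert, then read back the raw bits. */
uint32_t ref_f32_bits(uint32_t val)
{
    float f = (float)val;
    uint32_t bits;

    memcpy(&bits, &f, sizeof(bits));
    return bits;
}
```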

Affected Systems

The issue is confined to Linux kernels that include the macsmc‑hwmon driver for Apple Silicon. Versions of the kernel that contain the new driver code—identified by the commit references in the advisory—are affected. The problem does not affect non‑Apple Silicon platforms or kernels lacking the macsmc driver.

Risk and Exploitability

The CVSS score is not disclosed, but the EPSS probability is reported as less than 1 % and the vulnerability is not listed in CISA’s KEV catalog, indicating a low but non‑negligible exploitation risk. The attack vector is likely local or requires interaction with the sensor subsystem; it would require an attacker to trigger the flawed sensor population or write logic, which is feasible for a local user with kernel access or through an application that can invoke the hwmon interface. Because the flaw involves kernel memory corruption, exploitation could lead to privilege escalation if successfully executed.

Generated by OpenCVE AI on March 26, 2026 at 13:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel release that incorporates the macsmc‑hwmon regression fix or patch the kernel source with the provided commit.
  • If an immediate kernel update is not possible, consider compiling the specific patch manually and applying it to the running kernel.
  • If the Apple Silicon SMC hwmon functionality is not required, disable or unload the macsmc‑hwmon module to eliminate the attack surface.
  • Finally, monitor system logs for abnormal sensor readings or hwmon-related errors to detect potential exploitation attempts.



Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 26 Mar 2026 00:15:00 +0000


Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sensor population loop used the wrong prefix ("volt-" instead of "voltage-") and incorrectly assigned sensors to the temperature sensor array (hwmon->temp.sensors) instead of the voltage sensor array (hwmon->volt.sensors). This would lead to out-of-bounds memory access or data corruption when both temperature and voltage sensors were present. - The float conversion in macsmc_hwmon_write_f32() had flawed exponent logic for values >= 2^24 and lacked masking for the mantissa, which could lead to incorrect values being written to the SMC. Fix these issues to ensure correct sensor registration and reliable manual fan control. Confirm that the reported overflow in FIELD_PREP is fixed by declaring macsmc_hwmon_write_f32() as __always_inline for a compile test.
Title hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:04:39.552Z

Reserved: 2026-01-13T15:37:45.996Z

Link: CVE-2026-23323

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-03-25T11:16:29.250

Modified: 2026-04-23T21:05:18.993

Link: CVE-2026-23323

Red Hat

Severity:

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23323 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:49:48Z
