Vulnerability in Linux Kernel Affecting Graphics Driver Management by VMware
CVE-2026-23317

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 25 March 2026

What is CVE-2026-23317?

A vulnerability exists in the Linux kernel's graphics driver management, in the vmw_translate_ptr functions. These functions previously relied on a lookup that returned a pointer; the lookup was later changed to return an error code and pass the pointer back through an out parameter. The error path was not updated to match, so the functions can signal success even though the lookup failed, which results in uninitialized pointer dereferences and out-of-bounds memory accesses. This flaw can compromise system stability and security, underlining the need for prompt updates and mitigations.
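The bug pattern described above, modelled in userspace C as an added example (not the kernel's code or the fix commit). `struct buf`, `lookup`, `ptr_err`, `translate_stale` and `translate_fixed` are hypothetical names, and the stale branch that derives the error from the pointer is an assumed shape for the un-updated error path.

```c
#include <errno.h>
#include <stddef.h>

struct buf { int handle; };                 /* hypothetical buffer object */
static struct buf table[] = { {1}, {2} };   /* constructed sample objects */

/* New-style lookup: returns an error code, result via out parameter.
 * On failure *out is left untouched. */
static int lookup(int handle, struct buf **out)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        if (table[i].handle == handle) {
            *out = &table[i];
            return 0;
        }
    }
    return -ESRCH;
}

/* Userspace stand-in for a pointer-to-errno conversion. */
static long ptr_err(const void *p) { return (long)p; }

/* Stale error path: still derives the error from the pointer. */
int translate_stale(int handle, struct buf **res)
{
    struct buf *bo = NULL;   /* NULL in this model; may be garbage if unset */
    int ret = lookup(handle, &bo);
    if (ret != 0)
        return (int)ptr_err(bo);  /* 0 when bo == NULL: reports success */
    *res = bo;
    return 0;
}

/* Corrected error path: propagate the lookup's own return code. */
int translate_fixed(int handle, struct buf **res)
{
    struct buf *bo = NULL;
    int ret = lookup(handle, &bo);
    if (ret != 0)
        return ret;
    *res = bo;
    return 0;
}
```

A caller that trusts the return value of `translate_stale` goes on to use `*res` even though it was never written, which is the failure mode the description names.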

Affected Version(s)

Linux 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a

Linux a309c7194e8a2f8bd4539b9449917913f6c2cd50 < 7e55d0788b362c93660b80cc5603031bbbdefa98

Linux a309c7194e8a2f8bd4539b9449917913f6c2cd50 < 36cb28b6d303a81e6ed4536017090e85e0143e42

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
