HOMEVULNERABILITIESCVE-2026-23323
NONE

CVE-2026-23323

Published: March 25, 2026· Updated: Mar 25, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver

The recently added macsmc-hwmon driver contained several critical

bugs in its sensor population logic and float conversion routines.

Specifically:

- The voltage sensor population loop used the wrong prefix ("volt-"

instead of "voltage-") and incorrectly assigned sensors to the

temperature sensor array (hwmon->temp.sensors) instead of the

voltage sensor array (hwmon->volt.sensors). This would lead to

out-of-bounds memory access or data corruption when both temperature

and voltage sensors were present.

- The float conversion in macsmc_hwmon_write_f32() had flawed exponent

logic for values >= 2^24 and lacked masking for the mantissa, which

could lead to incorrect values being written to the SMC.

Fix these issues to ensure correct sensor registration and reliable

manual fan control.

Confirm that the reported overflow in FIELD_PREP is fixed by declaring

macsmc_hwmon_write_f32() as __always_inline for a compile test.

NVD Source

Technical Analysis

CVE-2026-23323 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
AppleLinux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (2)

Quick Facts

CVE IDCVE-2026-23323
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23323 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.