CVE-2026-23346

Published: March 25, 2026 · Updated: Mar 25, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 3.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: io: Extract user memory type in ioremap_prot()

The only caller of ioremap_prot() outside of the generic ioremap() implementation is generic_access_phys(), which passes a 'pgprot_t' value determined from the user mapping of the target 'pfn' being accessed by the kernel. On arm64, the 'pgprot_t' contains all of the non-address bits from the pte, including the permission controls, and so we end up returning a new user mapping from ioremap_prot() which faults when accessed from the kernel on systems with PAN:

| Unable to handle kernel read from unreadable memory at virtual address ffff80008ea89000
| ...
| Call trace:
| __memcpy_fromio+0x80/0xf8
| generic_access_phys+0x20c/0x2b8
| __access_remote_vm+0x46c/0x5b8
| access_remote_vm+0x18/0x30
| environ_read+0x238/0x3e8
| vfs_read+0xe4/0x2b0
| ksys_read+0xcc/0x178
| __arm64_sys_read+0x4c/0x68

Extract only the memory type from the user 'pgprot_t' in ioremap_prot() and assert that we're being passed a user mapping, to protect us against any changes in future that may require additional handling. To avoid falsely flagging users of ioremap(), provide our own ioremap() macro which simply wraps __ioremap_prot().

NVD Source
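
The masking described in the commit message, as an added userspace C model (not the kernel's code and not part of the original advisory). The macro and function names are local to this example, the bit positions follow the Arm stage 1 descriptor format, and the sample protection values are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Stage 1 descriptor fields (Arm architecture); names are local to this model. */
#define ATTRINDX_SHIFT 2
#define ATTRINDX_MASK  (UINT64_C(7) << ATTRINDX_SHIFT)  /* AttrIndx[2:0], bits [4:2] */
#define AP_EL0         (UINT64_C(1) << 6)               /* AP[1]: accessible from EL0 */
#define AP_RDONLY      (UINT64_C(1) << 7)               /* AP[2]: read-only */
#define PXN            (UINT64_C(1) << 53)              /* privileged execute-never */
#define UXN            (UINT64_C(1) << 54)              /* unprivileged execute-never */

/* Constructed sample values, not taken from a real system. */
#define MODEL_KERNEL_PROT (PXN | UXN | (UINT64_C(0) << ATTRINDX_SHIFT))
#define MODEL_USER_PROT   (AP_EL0 | AP_RDONLY | PXN | (UINT64_C(4) << ATTRINDX_SHIFT))

/* With PAN set, a privileged data access to an EL0-accessible page faults. */
static bool pan_faults_kernel_access(uint64_t prot)
{
    return (prot & AP_EL0) != 0;
}

/* Before: the user pgprot is reused unchanged for the kernel's own mapping. */
static uint64_t remap_prot_before(uint64_t user_prot)
{
    return user_prot;
}

/* After: require a user mapping, then copy only its memory type into the
 * kernel protection bits. Returns 0 (this model's failure value) otherwise. */
static uint64_t remap_prot_after(uint64_t user_prot)
{
    if (!(user_prot & AP_EL0))
        return 0;
    return (MODEL_KERNEL_PROT & ~ATTRINDX_MASK) | (user_prot & ATTRINDX_MASK);
}

int main(void)
{
    uint64_t before = remap_prot_before(MODEL_USER_PROT);
    uint64_t after = remap_prot_after(MODEL_USER_PROT);

    printf("before: %#llx PAN fault=%d\n", (unsigned long long)before,
           pan_faults_kernel_access(before));
    printf("after:  %#llx PAN fault=%d\n", (unsigned long long)after,
           pan_faults_kernel_access(after));
    return 0;
}
```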

Technical Analysis

CVE-2026-23346 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-23346
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Mar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23346 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.