{"id":"CVE-2026-23056","summary":"uacce: implement mremap in uacce_vm_ops to return -EPERM","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: implement mremap in uacce_vm_ops to return -EPERM\n\nThe current uacce_vm_ops does not support the mremap operation of\nvm_operations_struct. Implement .mremap to return -EPERM to remind\nusers.\n\nThe reason we need to explicitly disable mremap is that when the\ndriver does not implement .mremap, it uses the default mremap\nmethod. This could lead to a risk scenario:\n\nAn application might first mmap address p1, then mremap to p2,\nfollowed by munmap(p1), and finally munmap(p2). Since the default\nmremap copies the original vma's vm_private_data (i.e., q) to the\nnew vma, both munmap operations would trigger vma_close, causing\nq-\u003eqfr to be freed twice(qfr will be set to null here, so repeated\nrelease is ok).","modified":"2026-04-02T17:30:32.556437Z","published":"2026-02-04T16:07:34.787Z","related":["SUSE-SU-2026:0962-1","SUSE-SU-2026:1081-1","SUSE-SU-2026:20667-1","SUSE-SU-2026:20720-1","SUSE-SU-2026:20838-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","SUSE-SU-2026:20931-1","openSUSE-SU-2026:20416-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23056.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/02695347be532b628f22488300d40c4eba48b9b7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4c042bc71474dbe417c268f4bfb8ec196f802f07"},{"type":"WEB","url":"https://git.kernel.org/stable/c/75b29bdc935ff93b8e8bf6f6b4d8a4810b26e06f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/78d99f062d42e3af2ca46bde1a8e46e0dfd372e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a407ddd61b3e6afc5ccfcd1478797171cf5686ee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba29b59d124e725e0377f09b2044909c91d657a1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ebfa85658a39b49ec3901ceea7535b73aa0429e6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23056.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23056"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"015d239ac0142ad0e26567fd890ef8d171f13709"},{"fixed":"78d99f062d42e3af2ca46bde1a8e46e0dfd372e3"},{"fixed":"ebfa85658a39b49ec3901ceea7535b73aa0429e6"},{"fixed":"75b29bdc935ff93b8e8bf6f6b4d8a4810b26e06f"},{"fixed":"4c042bc71474dbe417c268f4bfb8ec196f802f07"},{"fixed":"a407ddd61b3e6afc5ccfcd1478797171cf5686ee"},{"fixed":"ba29b59d124e725e0377f09b2044909c91d657a1"},{"fixed":"02695347be532b628f22488300d40c4eba48b9b7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23056.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.7.0"},{"fixed":"5.10.249"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.199"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.162"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.122"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.68"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23056.json"}}],"schema_version":"1.7.5"}