What is CVE-2026-23116?

CVE-2026-23116 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 5.18 onward and patched in 6.1.162, 6.6.122, 6.12.68 and others. CVE-2026-23116 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-23116?

CVE-2026-23116 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2026-23116?

Yes, CVE-2026-23116 has been patched. Fixed versions include 6.1.162, 6.6.122, 6.12.68 and others. If you are running Linux kernel 5.18 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-23116 actively exploited?

CVE-2026-23116 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-23116

Medium

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't reset G1 or G2 separately, it may led to the system hang. Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data. Let imx8mq_vpu_power_notifier() do really vpu reset.

Package Linux Kernel

Published 2026-02-14

Last modified 2026-03-18

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected versions

Linux kernel versions 5.18 and later are affected. Fixed in 6.1.162, 6.6.122, 6.12.68, 6.18.8, 6.19 and their respective stable series.

Affected from

≥ 5.18

Fixed in

✓ 6.1.162 6.1.x ✓ 6.6.122 6.6.x ✓ 6.12.68 6.12.x ✓ 6.18.8 6.18.x ✓ 6.19

References

The following references provide additional information about CVE-2026-23116 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/3de49966499634454fd59e0e6fecd50baab7febd
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5c56a6f4b5a4f87c094c92a30fa17e28e37ec2ab
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8859e336d233e61a4c40d40dc6a9f21e8b9b719c
Patch

5 patch commits total View all on NVD

Details

CVE ID CVE-2026-23116

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2026-02-14

Modified 2026-03-18

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2026-23116?

CVE-2026-23116 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 5.18 onward and has been patched in 6.1.162, 6.6.122, 6.12.68 and others. CVE-2026-23116 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2026-23116?

CVE-2026-23116 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2026-23116?

Yes — CVE-2026-23116 has been patched. Fixed versions include 6.1.162, 6.6.122, 6.12.68 and others. If you are running Linux kernel 5.18 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-23116 actively exploited?

No — CVE-2026-23116 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.