Linux Kernel Vulnerability in AMD XDNA Command Slot Handling
CVE-2026-23288

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 March 2026

What is CVE-2026-23288?

This Linux kernel vulnerability is in the AMD XDNA component, where command slot handling can perform an out-of-bounds write. The command header was cleared with memset() before the code confirmed that the command slot had enough space available, which could corrupt memory. The fix moves the memset() call to after the size validation, so nothing is written until the space check has passed.
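The ordering flaw described above, as an added userspace illustration that is not the amdxdna driver's code: the slot is modelled as the first 32 bytes of a larger array so the stray write lands in a guard region and can be observed. All names and sizes (SLOT_SIZE, HDR_SIZE, fill_slot_*) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOT_SIZE  32  /* bytes owned by the command slot (constructed) */
#define GUARD_SIZE 32  /* neighbouring memory the slot must never touch */
#define HDR_SIZE   8   /* hypothetical command header size */
static uint8_t backing[SLOT_SIZE + GUARD_SIZE];

static void reset_backing(void) {
    memset(backing, 0x11, SLOT_SIZE);
    memset(backing + SLOT_SIZE, 0xAA, GUARD_SIZE);
}
/* Count guard bytes that no longer hold the 0xAA pattern. */
static size_t guard_bytes_clobbered(void) {
    size_t n = 0;
    for (size_t i = 0; i < GUARD_SIZE; i++)
        n += (backing[SLOT_SIZE + i] != 0xAA);
    return n;
}

/* Overflow-safe check: do header + payload fit in the slot at offset off? */
static int slot_has_room(size_t off, size_t payload_len) {
    if (off > SLOT_SIZE || HDR_SIZE > SLOT_SIZE - off)
        return 0;
    return payload_len <= SLOT_SIZE - off - HDR_SIZE;
}

/* Flawed order: header cleared first, space checked afterwards. */
static int fill_slot_vulnerable(size_t off, size_t payload_len) {
    memset(backing + off, 0, HDR_SIZE);   /* write happens before validation */
    return slot_has_room(off, payload_len) ? 0 : -1;
}

/* Fixed order: validate the size, then clear the header. */
static int fill_slot_fixed(size_t off, size_t payload_len) {
    if (!slot_has_room(off, payload_len))
        return -1;
    memset(backing + off, 0, HDR_SIZE);
    return 0;
}

int main(void) {
    reset_backing();
    int rc = fill_slot_vulnerable(28, 0);  /* header would end 4 bytes past the slot */
    printf("vulnerable: rc=%d clobbered=%zu\n", rc, guard_bytes_clobbered());
    reset_backing();
    rc = fill_slot_fixed(28, 0);
    printf("fixed:      rc=%d clobbered=%zu\n", rc, guard_bytes_clobbered());
    return 0;
}
```

Both variants reject the request, but only the flawed one has already modified memory outside the slot by the time it returns the error.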

Affected Version(s)

Linux 13ae1a6000f7d8b09478e3128e87d45e89c7282f

Linux 3d32eb7a5ecff92d83a5fd34c45c171c17d3d5d0 < 1110a949675ebd56b3f0286e664ea543f745801c

Linux 6.19.4 < 6.19.7

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
