Skip to main content

Linux CVE-2026-23264

| EUVDEUVD-2026-12903 MEDIUM
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 29, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12903
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:41 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"

This reverts commit 7294863a6f01248d72b61d38478978d638641bee.

This commit was erroneously applied again after commit 0ab5d711ec74 ("drm/amd: Refactor amdgpu_aspm to be evaluated per device") removed it, leading to very hard to debug crashes, when used with a system with two AMD GPUs of which only one supports ASPM.

(cherry picked from commit 97a9689300eb2b393ba5efc17c8e5db835917080)

AnalysisAI

A logic error in the Linux kernel's AMD GPU driver causes system crashes when two AMD GPUs are present and only one supports ASPM (Active State Power Management). The vulnerability stems from a commit that was erroneously reapplied after being removed in a prior refactoring, leading to incorrect ASPM state evaluation across multiple devices. Systems running affected Linux kernel versions with heterogeneous AMD GPU configurations (mixed ASPM support) will experience denial of service through kernel crashes.

Technical ContextAI

The vulnerability exists in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically in the AMD GPU driver (amdgpu). The affected code involves ASPM handling at the PCIe level, where the driver checks whether ASPM is enabled from the PCIe subsystem. Commit 7294863a6f01248d72b61d38478978d638641bee was reverted in commit 0ab5d711ec74 as part of a refactoring effort to evaluate ASPM per-device rather than globally. However, the problematic commit was erroneously reapplied, creating a regression. The root cause is a logic error in conditional state checking that fails when ASPM support differs between multiple GPU devices in the same system, violating the expected per-device evaluation model. This affects Linux kernel versions across all distributions as indicated by the CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*.

RemediationAI

Update the Linux kernel to a patched version containing one of the reversion commits (f02c9052aaa031ef3c2285d86a155d4263180ddd or its backports to stable branches d2bddc2da2b3ba5d738877c476bf97932dba32e8, 5b794951541e84d2968980a68dd1ac38420f75f3, 5f645222eb30c91135119e12eccfd1b8ea88140e, 243b467dea1735fed904c2e54d248a46fa417a2d). Most Linux distributions will provide kernel security updates in their respective patch releases; monitor vendor advisories for your distribution. Until patching is possible, systems with dual AMD GPUs should disable one GPU via BIOS or kernel parameters (e.g., modprobe blacklist) to prevent triggering the crash condition. Users can verify their kernel version against the referenced commit hashes at https://git.kernel.org/stable/ to determine if they are running a vulnerable version.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm fixed 6.1.164-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.73-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.145 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.132 Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.162 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.132 Affected
Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.176 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.125 Affected
Image SLES-Azure-Basic Image SLES-EC2 Image SLES-Hardened-BYOS-Azure Image SLES-SAPCAL-Azure Affected
SUSE Linux Micro 6.2 Fixed

Share

CVE-2026-23264 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy