Skip to main content

Linux EUVDEUVD-2026-15216

| CVE-2026-23288 HIGH
Out-of-bounds Read (CWE-125)
2026-03-25 Linux
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15216
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix out-of-bounds memset in command slot handling

The remaining space in a command slot may be smaller than the size of the command header. Clearing the command header with memset() before verifying the available slot space can result in an out-of-bounds write and memory corruption.

Fix this by moving the memset() call after the size validation.

AnalysisAI

An out-of-bounds memory write vulnerability exists in the Linux kernel's AMD XDNA accelerator driver (accel/amdxdna) where a memset() operation clears a command header before validating sufficient space is available in the command slot, potentially leading to memory corruption. The vulnerability affects Linux kernel versions across multiple releases where the amdxdna driver is present and enabled. An attacker with local access and appropriate capabilities to interact with the amdxdna device could trigger this memory corruption to achieve denial of service or potentially escalate privileges.

Technical ContextAI

The vulnerability resides in the AMD XDNA accelerator subsystem (accel/amdxdna) within the Linux kernel, as identified by CPE cpe:2.3:a:linux:linux. The root cause is classified as a buffer overflow / out-of-bounds write (CWE-120/CWE-787 family), specifically a timing-of-check-time-of-use (TOCTOU) style vulnerability where the order of operations is incorrect. The vulnerable code path involves command slot handling where a memset() operation to clear the command header structure occurs before the kernel validates that sufficient space remains in the allocated command slot. When the remaining slot space is smaller than the command header size, the memset() writes beyond the buffer boundaries into adjacent kernel memory, corrupting critical data structures or control flow information.

RemediationAI

Update the Linux kernel to a version containing the fix patches available at https://git.kernel.org/stable/c/cca770d710d5e03bc814af585cd6975eb6d74074 or https://git.kernel.org/stable/c/1110a949675ebd56b3f0286e664ea543f745801c. For most users, this involves updating to the latest stable kernel release for your distribution (e.g., via apt upgrade, yum update, or equivalent package manager). Systems running AMD XDNA hardware should prioritize this update given the local privilege escalation and denial of service potential. If immediate patching is not possible, restrict unprivileged user access to amdxdna device nodes (typically /dev/amdxdna*) via file permissions or SELinux/AppArmor policies, and consider disabling the amdxdna driver module if the hardware is not in active use.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie not-affected - -
trixie (security) fixed 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15216 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy