Skip to main content

Linux EUVDEUVD-2026-15227

| CVE-2026-23295 MEDIUM
Improper Locking (CWE-667)
2026-03-25 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 29, 2026 - 14:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15227
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix dead lock for suspend and resume

When an application issues a query IOCTL while auto suspend is running, a deadlock can occur. The query path holds dev_lock and then calls pm_runtime_resume_and_get(), which waits for the ongoing suspend to complete. Meanwhile, the suspend callback attempts to acquire dev_lock and blocks, resulting in a deadlock.

Fix this by releasing dev_lock before calling pm_runtime_resume_and_get() and reacquiring it after the call completes. Also acquire dev_lock in the resume callback to keep the locking consistent.

AnalysisAI

A deadlock vulnerability exists in the Linux kernel's AMD XDNA accelerator driver (accel/amdxdna) that occurs when an application issues a query IOCTL while the device is undergoing auto-suspend. The vulnerability affects all Linux distributions shipping the vulnerable kernel code. An attacker with local access to the system can trigger this deadlock by issuing query IOCTLs concurrently with power management events, causing a complete hang of the AMD XDNA accelerator subsystem and denial of service to legitimate applications. This vulnerability is not listed in the CISA KEV catalog and no public exploit code has been identified, but the fix has been integrated into the stable Linux kernel.

Technical ContextAI

The vulnerability resides in the AMD XDNA accelerator driver subsystem (accel/amdxdna) within the Linux kernel, which manages heterogeneous compute resources. The root cause is a classic lock-ordering deadlock (related to CWE-833: Deadlock) occurring between the device lock (dev_lock) and the power management runtime suspend mechanism (pm_runtime). When a query IOCTL is issued, the code acquires dev_lock and then calls pm_runtime_resume_and_get() to ensure the device is powered on. Simultaneously, if the auto-suspend callback triggers, it attempts to acquire the same dev_lock, creating a circular wait condition: the IOCTL path waits for suspend completion while the suspend path waits for the lock. The affected product is Linux kernel across all architectures supporting AMD XDNA accelerators (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*). The fix modifies the lock acquisition pattern to release dev_lock before calling pm_runtime_resume_and_get() and reacquire it afterward, eliminating the lock-ordering inversion.

RemediationAI

Upgrade to a Linux kernel version that includes the deadlock fix (commit ac24537478dd8eb2fd3984b4652bb19461e5e74c or later). Most distributions have backported this fix into their stable and long-term support kernels; check your distribution's security advisory or kernel release notes for the specific version containing this patch. For distributions not yet providing a patched kernel, monitor the Linux kernel stable repository (https://git.kernel.org/stable/) for incorporation into the 6.x long-term support branches. Until patching is possible, system administrators can mitigate by reducing reliance on auto-suspend for XDNA devices by disabling runtime power management (echo -1 > /sys/module/amdxdna/parameters/pm_mode if available) or limiting concurrent IOCTL operations during suspend windows, though these workarounds may impact power efficiency. Kernel developers should apply the fix by releasing dev_lock before invoking pm_runtime_resume_and_get() and reacquiring it afterward, as implemented in the referenced commits.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie not-affected - -
trixie (security) fixed 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15227 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy