Skip to main content

Linux EUVDEUVD-2026-15308

| CVE-2026-23341 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-25 Linux GHSA-g743-x9vq-5fpv
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:27 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15308
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix crash when destroying a suspended hardware context

If userspace issues an ioctl to destroy a hardware context that has already been automatically suspended, the driver may crash because the mailbox channel pointer is NULL for the suspended context.

Fix this by checking the mailbox channel pointer in aie2_destroy_context() before accessing it.

AnalysisAI

A null pointer dereference vulnerability exists in the Linux kernel's AMD XDNA accelerator driver (accel/amdxdna) that can cause a kernel crash when userspace attempts to destroy a hardware context that has been automatically suspended. The vulnerability affects all Linux kernel versions with the vulnerable amdxdna driver code path; an unprivileged local user with access to the driver's ioctl interface can trigger a denial of service by issuing a destroy context command on a suspended context, causing the kernel to crash when accessing a NULL mailbox channel pointer. No CVSS score, EPSS data, or KEV status is currently available, but the vulnerability is classified as a denial of service with straightforward triggering conditions.

Technical ContextAI

The Linux kernel's accel/amdxdna module is a driver for AMD's XDNA (AI acceleration) hardware. The vulnerability resides in the context management subsystem, specifically in the aie2_destroy_context() function which handles cleanup of hardware execution contexts. When a hardware context is automatically suspended by the driver, the associated mailbox channel pointer (used for communication with the accelerator firmware) can be set to NULL. The root cause is a missing NULL pointer check before dereferencing this mailbox channel pointer during context destruction. This falls under CWE-476 (Null Pointer Dereference) and demonstrates a missing input validation/state verification issue common in kernel drivers managing complex hardware state machines. The affected code path involves the interaction between userspace ioctl calls and kernel driver state management for suspended accelerator contexts.

RemediationAI

Update the Linux kernel to a version that includes the fixes from commits a6317704edab95d66a62fc1861d9546284ab678e or 8363c02863332992a1822688da41f881d88d1631 (available in Linux stable branches). Users should check their distribution's kernel version and apply the latest stable or longterm kernel update that includes the amdxdna NULL pointer check fix. For systems unable to immediately patch, restrict unprivileged user access to AMD XDNA driver ioctl interfaces via kernel module permissions or user group restrictions, as the vulnerability requires local user-level access to trigger. Coordinate updates with system downtime schedules to minimize availability impact.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie not-affected - -
trixie (security) fixed 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15308 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy