Skip to main content

Linux Kernel EUVDEUVD-2026-32264

| CVE-2026-45980 HIGH
Use After Free (CWE-416)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-237r-rx7w-5j6c
7.8
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 11:33 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.8 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Stop job scheduling across aie2_release_resource()

Running jobs on a hardware context while it is in the process of releasing resources can lead to use-after-free and crashes.

Fix this by stopping job scheduling before calling aie2_release_resource() and restarting it after the release completes. Additionally, aie2_sched_job_run() now checks whether the hardware context is still active.

AnalysisAI

Local privilege escalation and denial of service in the Linux kernel's AMD XDNA (amdxdna) accelerator driver allows authenticated local users to trigger a use-after-free condition by submitting jobs to a hardware context concurrently with resource release. The flaw affects kernels in the 6.14.9 through 6.15 series and was resolved upstream by stopping job scheduling around aie2_release_resource() and validating context state in aie2_sched_job_run(). No public exploit identified at time of analysis, and EPSS scoring (0.02%) indicates negligible near-term exploitation probability.

Technical ContextAI

The vulnerability resides in the accel/amdxdna kernel subsystem, which is the driver for AMD's XDNA (Xilinx Deep Neural Network Accelerator) AI engine hardware found in modern AMD Ryzen AI processors. The root cause is a race condition between the job scheduler path (aie2_sched_job_run()) and the resource teardown path (aie2_release_resource()): jobs can be dispatched to a hardware context whose backing resources are being freed, producing a classic use-after-free (CWE-416 class) on the per-context state. While CWE is listed as N/A in the input, the described pattern - dereferencing freed context structures during concurrent scheduling - is consistent with a use-after-free / race condition (CWE-362) defect. The fix introduces a quiesce-around-release pattern plus an active-context check in the submission path.

RemediationAI

Upstream fix available via the three referenced kernel.org commits (f1370241, b79d31dc, 688c3ff0); upgrade to a stable kernel containing the backport - Linux 6.18.14, 6.19.4, or 7.0 or later per the EUVD-listed fixed versions - or apply the distribution vendor's patched package once released (track Red Hat, SUSE, Ubuntu, and Debian security trackers for CVE-2026-45980). If immediate patching is not feasible, compensating controls include blacklisting the amdxdna kernel module on systems that do not require AMD NPU functionality (add 'blacklist amdxdna' to /etc/modprobe.d/, which disables AI accelerator workloads but eliminates the attack surface entirely), or restricting access to the accelerator device nodes under /dev via stricter permissions or udev rules to limit which local users can submit jobs (trade-off: breaks legitimate XDNA users such as ONNX/PyTorch inference workloads relying on the NPU). On servers and systems without XDNA hardware, no action is required as the vulnerable code path is unreachable.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-32264 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy