CVE-2026-23280
Description
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Prevent ubuf size overflow
The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption.
Use check_add_overflow() helpers to validate the size calculation before allocation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's amdxdna accelerator driver, an integer overflow in ubuf size calculation can lead to undersized memory allocation and potential memory corruption.
Vulnerability
CVE-2026-23280 is an integer overflow vulnerability in the Linux kernel's amdxdna accelerator driver. When calculating the size of user buffer (ubuf) memory to allocate, the driver does not properly guard against arithmetic overflow. This can result in an undersized allocation, leading to subsequent memory corruption.
Exploitation
An attacker with local access and sufficient privileges to interact with the amdxdna device could trigger this vulnerability by providing crafted input that causes the ubuf size calculation to overflow. The attack requires the ability to issue specific ioctl calls to the accelerator device, making it accessible to users with local system access.
Impact
Successful exploitation could lead to memory corruption within the kernel, potentially allowing an attacker to escalate privileges or cause a denial of service. The CVSS v3 base score of 7.8 (High) reflects the significant impact on confidentiality, integrity, and availability.
Mitigation
The fix, already merged into the Linux kernel stable tree, uses the check_add_overflow() helper to validate the size calculation before performing the allocation [1][2][3]. Users should update their kernel to a version containing the patch.
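The overflow-checked size accumulation described above, as an added example that is not the amdxdna driver's code. The seg_entry structure, the function names and the sample lengths are hypothetical, and check_add_overflow() is redefined as a userspace stand-in for the kernel helper so the block builds outside the kernel.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's check_add_overflow() from
 * <linux/overflow.h>: evaluates to true when a + b does not fit in *d. */
#define check_add_overflow(a, b, d) __builtin_add_overflow(a, b, d)

/* Hypothetical descriptor for one user-supplied buffer segment. */
struct seg_entry {
    uint64_t vaddr;
    uint64_t len;
};

/* Unchecked: the running total silently wraps modulo 2^64. */
static uint64_t total_size_unchecked(const struct seg_entry *e, size_t n)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += e[i].len;
    return total;
}

/* Checked: reject the request as soon as the sum would wrap. */
static int total_size_checked(const struct seg_entry *e, size_t n, uint64_t *out)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (check_add_overflow(total, e[i].len, &total))
            return -EOVERFLOW;
    }
    *out = total;
    return 0;
}

/* Constructed sample input: two lengths whose true sum is 2^64 + 0x1000. */
static const struct seg_entry wrap_case[] = {
    { 0x10000000, UINT64_MAX - 0xFFF },  /* 2^64 - 0x1000 */
    { 0x20000000, 0x2000 },
};

int main(void)
{
    uint64_t sz = 0;
    printf("unchecked total: 0x%llx\n",
           (unsigned long long)total_size_unchecked(wrap_case, 2));
    printf("checked rc: %d\n", total_size_checked(wrap_case, 2, &sz));
    return 0;
}
```

With the unchecked sum, an allocation sized from the wrapped total would be far smaller than the segments it is meant to cover, which is the undersized-allocation condition the description names.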
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 3
News mentions: 0
No linked articles in our index yet.