CVE-2026-23288

Vulnerability

CVE-2026-23288 is a vulnerability in the Linux kernel's accel/amdxdna driver. The root cause is an out-of-bounds write that occurs when handling command slots. Specifically, the driver uses memset() to clear a command header before verifying that the remaining space in the command slot is large enough to hold that header. If the available space is smaller than the header size, the memset() operation writes beyond the allocated buffer, leading to memory corruption [1][2].

Exploitation

An attacker with local access and sufficient privileges to interact with the accel/amdxdna driver could trigger this vulnerability. The issue is in the command submission path, which requires the ability to submit commands to the AMD XDNA accelerator. No network-based exploitation is described, and the prerequisite is local access to the kernel driver interface.

Impact

Successful exploitation can result in memory corruption, potentially leading to system instability, denial of service, or arbitrary code execution in the kernel context. The CVSS v3 score of 7.8 (High) reflects the potential for high impact on confidentiality, integrity, and availability, although it requires local access.

Mitigation

The fix was applied in the Linux kernel stable tree by moving the memset() call after the size validation. Users should update to a kernel version containing the commit that addresses CVE-2026-23288 [1][2]. No workarounds are documented, but limiting local access to the AMD XDNA driver may reduce the attack surface.