VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Mar 25, 2026· Updated Apr 23, 2026

CVE-2026-23338

CVE-2026-23338

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings

Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two calls to the userq wait ioctl. In both cases we do not want the emit the kernel warning backtrace since nothing is wrong with the kernel and userspace will simply get an errno reported back. So lets simply drop the WARN_ONs.

(cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Linux kernel fix removes WARN_ONs in the AMDGPU userq wait ioctl that allowed userspace to trigger kernel warning backtraces.

Vulnerability

CVE-2026-23338 is a vulnerability in the Linux kernel's AMDGPU driver, specifically in the userq (user queue) wait ioctl. The issue arises from the use of WARN_ON macros that could be triggered by userspace when the number of fences passed to the ioctl is too small. This can happen either deliberately or because the required number of fences legitimately grows between two calls to the ioctl [1].

Exploitation

An attacker with local access and the ability to interact with the AMDGPU device can exploit this by passing a num_fences value that is smaller than needed. No special privileges beyond normal user access to the DRM device are required. The attack surface is local, as it involves the kernel's DRM subsystem [1].

Impact

Triggering the WARN_ON causes a kernel warning backtrace to be printed to the kernel log, which can be used to generate noise or potentially aid in denial-of-service scenarios. However, the fix notes that nothing is wrong with the kernel itself, and userspace simply receives an errno. The impact is limited to unnecessary kernel log spam and potential distraction for system administrators [1].

Mitigation

The fix removes the WARN_ON macros, preventing userspace from trivially triggering kernel warnings. The vulnerability is patched in the Linux kernel stable tree. Users should update to a kernel version containing the commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c or later [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10
  • Linux/Kernel9 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.16.1,<6.18.17
    • cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
  • Linux/Linux Kernel Rtllm-fuzzy

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.