Description
In the Linux kernel, the following vulnerability has been resolved:

Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"

This reverts commit 7294863a6f01248d72b61d38478978d638641bee.

This commit was erroneously applied again after commit 0ab5d711ec74
("drm/amd: Refactor `amdgpu_aspm` to be evaluated per device")
removed it, leading to very hard to debug crashes, when used with a system with two
AMD GPUs of which only one supports ASPM.

(cherry picked from commit 97a9689300eb2b393ba5efc17c8e5db835917080)
Published: 2026-03-18
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic error introduced by an improperly applied commit in the Linux kernel AMD GPU driver causes a kernel crash when a system hosts two AMD GPUs, one of which does not support ASPM. The driver attempts to enforce ASPM based on subsystem settings, but the missing check leads to a hard‑to‑debug fault that brings the entire system down. The vulnerability results in a denial of service by terminating kernel operation.

Affected Systems

All Linux distributions that ship a kernel containing the misapplied commit before the corrective refactor, particularly those with dual AMD GPUs where only one GPU supports ASPM. The issue is present in the mainline kernel as identified by the kernel CPE string. Distribution kernels that have applied the revert commit or the subsequent refactor are not affected.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score is below 1% and the vulnerability is not listed in CISA's KEV catalog, indicating a low probability of widespread exploitation. However, the impact of a kernel crash is severe. The vulnerability can be triggered by normal use of the affected dual‑GPU configuration; no public exploit is required. Attackers would exploit the crash by ensuring the system is in a state that triggers the misapplied ASPM check, which can be done simply by powering on or re‑initializing the devices.

Generated by OpenCVE AI on May 29, 2026 at 20:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the operating system or Linux kernel to a version that includes the revert commit 0ab5d711ec74 or later, which removes the faulty ASPM check.
  • If an updated kernel is not yet available, consider disabling ASPM support on the non‑ASPM GPU or using kernel configuration options that omit the faulty driver logic.
  • If you cannot update the kernel, temporarily disable the amdgpu driver for the non‑ASPM GPU by adding a module blacklist entry in /etc/modprobe.d/blacklist.conf.

Generated by OpenCVE AI on May 29, 2026 at 20:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8278-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8289-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8296-1 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8296-2 Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN Ubuntu USN USN-8278-2 Linux kernel (Azure) vulnerabilities
History

Fri, 29 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CWE-750

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CWE-750

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-687

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-687

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 19 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References

Wed, 18 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 ("drm/amd: Refactor `amdgpu_aspm` to be evaluated per device") removed it, leading to very hard to debug crashes, when used with a system with two AMD GPUs of which only one supports ASPM. (cherry picked from commit 97a9689300eb2b393ba5efc17c8e5db835917080)
Title Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:04:24.012Z

Reserved: 2026-01-13T15:37:45.990Z

Link: CVE-2026-23264

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-18T18:16:25.073

Modified: 2026-05-29T18:44:27.880

Link: CVE-2026-23264

cve-icon Redhat

Severity :

Publid Date: 2026-03-18T00:00:00Z

Links: CVE-2026-23264 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T20:30:07Z

Weaknesses