Description
In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix dead lock for suspend and resume

When an application issues a query IOCTL while auto suspend is running,
a deadlock can occur. The query path holds dev_lock and then calls
pm_runtime_resume_and_get(), which waits for the ongoing suspend to
complete. Meanwhile, the suspend callback attempts to acquire dev_lock
and blocks, resulting in a deadlock.

Fix this by releasing dev_lock before calling pm_runtime_resume_and_get()
and reacquiring it after the call completes. Also acquire dev_lock in the
resume callback to keep the locking consistent.

Published: 2026-03-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service through deadlock affecting system stability and device availability
Action: Apply patch

AI Analysis

Impact

The flaw resides in the AMD XDNA accelerator driver (accel/amdxdna) within the Linux kernel. An application that issues a query IOCTL while the kernel is performing an auto-suspend can cause a deadlock. The query path holds the device lock (dev_lock) and then requests a runtime resume, which waits for the in-progress suspend to finish, but the suspend callback needs that same lock. Because each side waits for the other, neither can make progress. This results in a denial of service: the affected device and potentially the entire system become unresponsive when the device is queried during suspend. The weakness corresponds to the locking misuse identified by CWE-413.

Affected Systems

Affected systems are all Linux distributions running a kernel that includes the accel/amdxdna driver before the fix. The advisory lists the generic Linux kernel CPE and does not narrow to specific releases, meaning any kernel with this component is vulnerable until the patch is applied. Administrators of Linux servers, workstations, or embedded devices should verify whether their kernel contains this driver and whether a patched version is available.

Risk and Exploitability

The CVSS score is not supplied, but the EPSS indicates less than 1% probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack requires local execution: an attacker must be able to run code that can send the IOCTL to the device while the kernel is suspending. While this suggests a limited attack surface, a compromised or malicious application could trigger the deadlock, especially on systems that rely on power-management features. The availability impact is immediate once the deadlock occurs, and no privilege escalation is required.

Generated by OpenCVE AI on March 26, 2026 at 14:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the kernel version and confirm whether the accel/amdxdna driver is present.
  • Install the latest kernel update that contains the fix for CVE‑2026‑23295.
  • If an update is not immediately available, consider disabling auto‑suspend for the affected device as a temporary measure.
  • Reboot the system to clear any pending suspension states.
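
The driver-presence check and the temporary auto-suspend measure above can both be done through sysfs. The script below is an added example, not part of the advisory or the kernel patch; it assumes the PCI driver registers under the name `amdxdna`, and the function names and the optional sysfs-root argument are hypothetical, there so the logic can be exercised against a constructed tree.

```shell
#!/bin/sh
# Added example: report runtime-PM policy for devices bound to the amdxdna driver.
# Assumption: the PCI driver name is "amdxdna" (not stated on the page).
DRIVER=amdxdna

# Print "<pci-address> <power/control> <runtime_status>" for each bound device.
# Returns 1 when the driver is not registered (nothing to triage on this host).
xdna_pm_report() {
    root=${1:-/sys}
    drv="$root/bus/pci/drivers/$DRIVER"
    [ -d "$drv" ] || return 1
    for dev in "$drv"/*; do
        # Entries such as bind/unbind/new_id have no power/ directory: skip them.
        [ -f "$dev/power/control" ] || continue
        ctl=$(cat "$dev/power/control")
        st=$(cat "$dev/power/runtime_status" 2>/dev/null || echo unknown)
        echo "$(basename "$dev") $ctl $st"
    done
}

# Print only devices whose policy is "auto", i.e. where an auto suspend can
# still overlap with a query IOCTL on an unpatched kernel.
xdna_autosuspend_exposed() {
    xdna_pm_report "$1" | awk '$2 == "auto" { print $1 }'
}

# Temporary measure from the list above: set power/control to "on" so the
# device is kept active. Needs root on a real system; not persistent across reboot.
xdna_pin_on() {
    root=${1:-/sys}
    for addr in $(xdna_autosuspend_exposed "$root"); do
        echo on > "$root/bus/pci/drivers/$DRIVER/$addr/power/control" || return 1
    done
}
```

Source the file and call `xdna_pm_report` to see the current state; a non-zero return means the driver is not registered on that host.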

Generated by OpenCVE AI on March 26, 2026 at 14:06 UTC.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-668

Thu, 26 Mar 2026 00:15:00 +0000


Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-668

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Title accel/amdxdna: Fix dead lock for suspend and resume
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:04:07.249Z

Reserved: 2026-01-13T15:37:45.993Z

Link: CVE-2026-23295

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-03-25T11:16:24.853

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-23295

Redhat

Severity:

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23295 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:50:11Z

Weaknesses