Description
In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix NULL pointer dereference of mgmt_chann

mgmt_chann may be set to NULL if the firmware returns an unexpected
error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL
pointer dereference in aie2_hw_stop().

Fix this by introducing a dedicated helper to destroy mgmt_chann
and by adding proper NULL checks before accessing it.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The flaw is a NULL pointer dereference in the accel/amdxdna driver, triggered when firmware returns an unexpected error. It can cause the kernel to crash during a hardware stop operation, leading to a denial of service.

Affected Systems

This vulnerability affects Linux kernel versions 6.14 and 7.0 release candidates rc1 through rc7 as listed in the cpe data, and any earlier kernel versions before the patch commit.

Risk and Exploitability

The EPSS score is below 1%, and the vulnerability is not listed in CISA's KEV catalog, indicating a low exploitation likelihood. The CVSS score of 5.5 indicates moderate severity. The likely attack vector is local or privileged access, inferred because the flaw requires manipulating firmware or the driver. While the vulnerability does not provide remote code execution, an unpatched system could experience crashes that may disrupt operations.

Generated by OpenCVE AI on April 29, 2026 at 00:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Linux kernel patch that addresses CVE-2026-23328 (commit 032ca7a9 or later).
  • Recompile the accel/amdxdna driver against the patched kernel after updating any AMD XDNA firmware.
  • Reboot the system to load the new kernel.
  • If a patch is not available, monitor for kernel crashes and plan for the update.

Generated by OpenCVE AI on April 29, 2026 at 00:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL pointer dereference in aie2_hw_stop(). Fix this by introducing a dedicated helper to destroy mgmt_chann and by adding proper NULL checks before accessing it.
Title accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:04:44.264Z

Reserved: 2026-01-13T15:37:45.996Z

Link: CVE-2026-23328

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:29.977

Modified: 2026-04-23T21:11:04.670

Link: CVE-2026-23328

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23328 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T00:45:26Z

Weaknesses