CVE-2026-23328 - Vulnerability Details

- accel/amdxdna: Fix NULL pointer dereference of mgmt_chann

Description

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix NULL pointer dereference of mgmt_chann

mgmt_chann may be set to NULL if the firmware returns an unexpected
error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL
pointer dereference in aie2_hw_stop().

Fix this by introducing a dedicated helper to destroy mgmt_chann
and by adding proper NULL checks before accessing it.

Published: 2026-03-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is a NULL pointer dereference in the accel/amdxdna driver, triggered when firmware returns an unexpected error. It can cause the kernel to crash during a hardware stop operation, leading to a denial of service.

Affected Systems

The defect affects the Linux kernel, particularly the accel/amdxdna component that interacts with AMD XDNA hardware. No specific kernel releases are listed, so any kernel version before the patch commit is potentially vulnerable.

Risk and Exploitability

The EPSS score is below 1%, and the vulnerability is not listed in CISA's KEV catalog, indicating a low exploitation likelihood. However, the flaw could be triggered by manipulating firmware or the driver, which would require local or privileged access. While the vulnerability does not provide remote code execution, an unpatched system could experience crashes that may disrupt operations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`b87f920b934426a24d54613f12ed67c03ae05024`	affected	< 032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5
`b87f920b934426a24d54613f12ed67c03ae05024`	affected	< 6270ee26e1edd862ea17e3eba148ca8fb2c99dc9

Linux

affected

Version	Status	Constraints
`6.14`	affected	—
`0`	unaffected	< 6.14
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[b87f920b934426a24d54613f12ed67c03ae05024,032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5)`	affected	code_commit	—
`[b87f920b934426a24d54613f12ed67c03ae05024,6270ee26e1edd862ea17e3eba148ca8fb2c99dc9)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.14`	affected	semver	—
`[0,6.14)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`[7.0-rc3,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the Linux kernel patch that addresses CVE-2026-23328 (commit 032ca7a9 or later).
Verify the kernel version contains the patch using uname -r and checking the commit log.
Update any AMD XDNA firmware and recompile its driver against the patched kernel.
Reboot the system after updating to load the new kernel.
If a patch is not available, monitor for kernel crashes and plan for an update.

Generated by OpenCVE AI on March 26, 2026 at 02:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5
https://git.kernel.org/stable/c/6270ee26e1edd862ea17e3eba148ca8fb2c99dc9
https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23328-9600@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23328
https://www.cve.org/CVERecord?id=CVE-2026-23328

History

Thu, 23 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel:6.14:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23328-9600@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23328 https://www.cve.org/CVERecord?id=CVE-2026-23328
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL pointer dereference in aie2_hw_stop(). Fix this by introducing a dedicated helper to destroy mgmt_chann and by adding proper NULL checks before accessing it.
Title		accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5 https://git.kernel.org/stable/c/6270ee26e1edd862ea17e3eba148ca8fb2c99dc9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:27:20.559Z

Updated: 2026-04-13T06:05:07.155Z

Reserved: 2026-01-13T15:37:45.996Z

Link: CVE-2026-23328

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-03-25T11:16:29.977

Modified: 2026-04-23T21:11:04.670

Link: CVE-2026-23328

Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23328 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-26T12:16:30Z

Weaknesses

CWE-476

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object