{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23328", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.996Z", "datePublished": "2026-03-25T10:27:20.559Z", "dateUpdated": "2026-03-25T10:27:20.559Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:20.559Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix NULL pointer dereference of mgmt_chann\n\nmgmt_chann may be set to NULL if the firmware returns an unexpected\nerror in aie2_send_mgmt_msg_wait(). This can later lead to a NULL\npointer dereference in aie2_hw_stop().\n\nFix this by introducing a dedicated helper to destroy mgmt_chann\nand by adding proper NULL checks before accessing it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/aie2_message.c", "drivers/accel/amdxdna/aie2_pci.c", "drivers/accel/amdxdna/aie2_pci.h"], "versions": [{"version": "b87f920b934426a24d54613f12ed67c03ae05024", "lessThan": "032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5", "status": "affected", "versionType": "git"}, {"version": "b87f920b934426a24d54613f12ed67c03ae05024", "lessThan": "6270ee26e1edd862ea17e3eba148ca8fb2c99dc9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/aie2_message.c", "drivers/accel/amdxdna/aie2_pci.c", "drivers/accel/amdxdna/aie2_pci.h"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5"}, {"url": "https://git.kernel.org/stable/c/6270ee26e1edd862ea17e3eba148ca8fb2c99dc9"}], "title": "accel/amdxdna: Fix NULL pointer dereference of mgmt_chann", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix NULL pointer dereference of mgmt_chann\n\nmgmt_chann may be set to NULL if the firmware returns an unexpected\nerror in aie2_send_mgmt_msg_wait(). This can later lead to a NULL\npointer dereference in aie2_hw_stop().\n\nFix this by introducing a dedicated helper to destroy mgmt_chann\nand by adding proper NULL checks before accessing it."}], "id": "CVE-2026-23328", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:29.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6270ee26e1edd862ea17e3eba148ca8fb2c99dc9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann", "id": "2451251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451251"}, "csaw": false, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's accel/amdxdna component. An unexpected firmware error during message handling can cause a critical communication variable (mgmt_chann) to be set to NULL. This can lead to a NULL pointer dereference when the system attempts to stop hardware operations, resulting in a Denial of Service (DoS) that crashes the system."], "name": "CVE-2026-23328", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23328\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23328\nhttps://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23328-9600@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T12:16:10.205397+00:00", "value": {"mitigation_remediation": ["Apply an updated Linux kernel that includes the fix for CVE\u20112026\u201123328", "Verify the kernel distribution\u2019s security advisories to confirm the patch is installed", "If no patch is available, restrict or disable use of the AMD DNA accelerator until a fix is released"], "summary": {"action": "Patch", "impact": "Denial of Service via kernel crash"}, "threat_synthesis": {"affected_systems": "The flaw resides in the core amdxdna component of the Linux kernel, so any kernel build that includes this code path is potentially affected. No specific release versions are listed, meaning that all Linux kernel variants that ship with the buggy code could be vulnerable until the patch is applied.", "description_and_impact": "A NULL pointer dereference occurs in the Linux kernel\u2019s amdxdna acceleration subsystem when the mgmt_chann object is set to NULL after an unexpected firmware error during aie2_send_mgmt_msg_wait. Subsequent calls to aie2_hw_stop attempt to access this NULL pointer, causing a kernel crash. The crash results in a denial of service for the affected system. The vulnerability is a classic instance of a null pointer dereference, identified as CWE\u2011476.", "risk_and_exploitability": "No CVSS score or EPSS data are provided, and the vulnerability is not listed in the CISA KEV catalog, making it difficult to quantify exploitability or overall risk. The attack vector that the description implies is that a user with the ability to trigger the firmware call\u2014such as a local or privileged user who can send a malformed message to the AMD DNA accelerator\u2014could cause the kernel to crash. This assessment is inferred from the description of the fault condition and the typical control paths for the accelerator and is not stated explicitly in the CVE data."}}}}, "created": "2026-03-25T21:27:33.044382+00:00", "updated": "2026-03-25T21:27:33.044404+00:00", "vendors": [], "weaknesses": ["CWE-476"]}