Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings

Userspace can either deliberately pass in the too small num_fences, or the
required number can legitimately grow between the two calls to the userq
wait ioctl. In both cases we do not want the emit the kernel warning
backtrace since nothing is wrong with the kernel and userspace will simply
get an errno reported back. So lets simply drop the WARN_ONs.

(cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c)
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Warning Trigger
Action: Apply Patch
AI Analysis

Impact

The Linux kernel’s amdgpu driver contains a flaw where a userspace application can cause the kernel to emit a WARN_ON warning backtrace via the user queue wait ioctl. By requesting an excessively small number of fences or letting the required number of fences grow between calls, the driver would warn even though the kernel is in a valid state. The fix removes these WARN_ON checks, limiting the observable effect to an errno return value returned to userspace.

Affected Systems

Linux kernels that include the amdgpu driver before the commit that removed the WARN_ON checks are affected. Kernel versions from 6.16 and the 7.0 series release candidates through 7.0-rc7 are listed as vulnerable, indicating that any kernel prior to the application of the patch may exhibit the warning behavior.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1 % indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local userspace access to the amdgpu driver and results only in delivery of kernel warning backtraces, not in code execution or denial of service. The likely attack vector is local userspace interaction with the amdgpu device; the fix removes the warning path and mitigates the issue.

Generated by OpenCVE AI on April 29, 2026 at 00:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the running kernel to a version that incorporates the amdgpu driver change that removes the WARN_ON statements.
  • If building from source, apply or verify the application of commit 2c333ea5, which removes the warning path from the driver.
  • Monitor kernel logs for any remaining amdgpu warning messages; if warnings continue, investigate further configuration changes or contact the distribution maintainer for a patched kernel.

Generated by OpenCVE AI on April 29, 2026 at 00:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-397
CWE-668

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-397
CWE-668

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two calls to the userq wait ioctl. In both cases we do not want the emit the kernel warning backtrace since nothing is wrong with the kernel and userspace will simply get an errno reported back. So lets simply drop the WARN_ONs. (cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c)
Title drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:04:54.623Z

Reserved: 2026-01-13T15:37:45.997Z

Link: CVE-2026-23338

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:31.537

Modified: 2026-04-23T21:17:25.680

Link: CVE-2026-23338

cve-icon Redhat

Severity :

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23338 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T00:45:26Z

Weaknesses