{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23341", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.998Z", "datePublished": "2026-03-25T10:27:29.438Z", "dateUpdated": "2026-03-25T10:27:29.438Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:29.438Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix crash when destroying a suspended hardware context\n\nIf userspace issues an ioctl to destroy a hardware context that has\nalready been automatically suspended, the driver may crash because the\nmailbox channel pointer is NULL for the suspended context.\n\nFix this by checking the mailbox channel pointer in aie2_destroy_context()\nbefore accessing it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/aie2_message.c"], "versions": [{"version": "2611c9616cb52d3ed54a6095d72d18e645a6955a", "lessThan": "a6317704edab95d66a62fc1861d9546284ab678e", "status": "affected", "versionType": "git"}, {"version": "97f27573837ef96b4ba42af463cc800cab615c0e", "lessThan": "8363c02863332992a1822688da41f881d88d1631", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/aie2_message.c"], "versions": [{"version": "7.0-rc1", "status": "affected"}, {"version": "0", "lessThan": "7.0-rc1", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19.4", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0-rc1", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a6317704edab95d66a62fc1861d9546284ab678e"}, {"url": "https://git.kernel.org/stable/c/8363c02863332992a1822688da41f881d88d1631"}], "title": "accel/amdxdna: Fix crash when destroying a suspended hardware context", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix crash when destroying a suspended hardware context\n\nIf userspace issues an ioctl to destroy a hardware context that has\nalready been automatically suspended, the driver may crash because the\nmailbox channel pointer is NULL for the suspended context.\n\nFix this by checking the mailbox channel pointer in aie2_destroy_context()\nbefore accessing it."}], "id": "CVE-2026-23341", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:32.013", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8363c02863332992a1822688da41f881d88d1631"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a6317704edab95d66a62fc1861d9546284ab678e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: accel/amdxdna: Fix crash when destroying a suspended hardware context", "id": "2451182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451182"}, "csaw": false, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's accel/amdxdna component. A local user can exploit this by issuing an ioctl to destroy a hardware context that has been automatically suspended. This can lead to a system crash, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23341", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23341\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23341\nhttps://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23341-3f7b@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-03-25T12:13:59.767145+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the fix (commit 8363c0286... or later).", "Verify that the running kernel contains the new code by checking its version or the presence of the commit.", "If an immediate kernel update is not possible, restrict access to the AMDXDNA device to trusted processes, avoid calling the destroy\u2011context ioctl on suspended contexts, and reboot the system after critical operations as a temporary mitigation."], "summary": {"action": "Apply patch", "impact": "Denial of Service via kernel crash"}, "threat_synthesis": {"affected_systems": "All Linux kernels that include the accel/amdxdna driver before the patch are affected. The CNA information lists only the generic Linux kernel, and no specific revision numbers are provided. System administrators should determine whether their running kernel contains the earlier buggy code or whether the driver module is present.", "description_and_impact": "The AMD XDNA accelerator driver in the Linux kernel contains a NULL pointer dereference when userspace issues an ioctl to destroy a hardware context that has already been automatically suspended. The driver accesses a mailbox channel pointer that is null for suspended contexts, causing a kernel panic. This flaw leads to a denial\u2011of\u2011service that can crash the system.", "risk_and_exploitability": "The flaw is exploitable by a local privileged user who can issue the relevant ioctl. It does not require network exposure and EPSS is not available. The vulnerability is not in the CISA KEV catalog, suggesting it is not widely exploited yet. However, the crash can be triggered deliberately, so applying the patch that validates the mailbox channel pointer removes the risk."}}}}, "created": "2026-03-25T21:32:13.227007+00:00", "updated": "2026-03-25T21:32:13.227059+00:00", "vendors": [], "weaknesses": ["CWE-476"]}