Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix error handling in slot reset

If the device has not recovered after slot reset is called, it goes to
out label for error handling. There it could make decision based on
uninitialized hive pointer and could result in accessing an uninitialized
list.

Initialize the list and hive properly so that it handles the error
situation and also releases the reset domain lock which is acquired
during error_detected callback.

(cherry picked from commit bb71362182e59caa227e4192da5a612b09349696)
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

This vulnerability arises in the AMDGPU driver of the Linux kernel, where an uninitialized pointer to a structure referred to as the hive could be dereferenced during error handling after a slot reset. The result is access to an uninitialized list, potentially leading to a kernel crash or undefined kernel behavior. The primary consequence of exploitation is a denial of service on the affected system, as the kernel may abort when the erroneous list is accessed.

Affected Systems

The flaw affects systems running the Linux kernel when the AMDGPU DRM driver is in use. No specific kernel version ranges are listed, so any kernel that includes the vulnerable code path prior to the applied fix is potentially impacted.

Risk and Exploitability

The EPSS score is reported as below 1 % and the vulnerability is not present in the CISA KEV catalog, indicating a low likelihood of widespread exploitation. The fix addresses uninitialized data handling, so exploitation would require triggering a slot reset failure. It is inferred that an attacker would need local access to a machine with an AMDGPU device and the ability to invoke the reset operation. With the low EPSS and absence from KEV, the overall risk is considered moderate, primarily limited to local or compromised environments.

Generated by OpenCVE AI on March 26, 2026 at 14:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that incorporates the commit bb71362182e59caa227e4192da5a612b09349696, which fixes the uninitialized pointer bug in the AMDGPU driver.
  • If a kernel update is not immediately available, apply the patch manually: copy the changes from the referenced commit into your kernel source, rebuild the kernel, and reload the amdgpu module.
  • After updating or patching, verify that the amdgpu driver loads without errors and that the reset domain lock is released properly during error handling.
  • Continuously monitor system logs for messages related to amdgpu slot resets to ensure the issue is resolved.

Generated by OpenCVE AI on March 26, 2026 at 14:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 24 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-908
CPEs cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-690

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-824
References

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665
CWE-690

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix error handling in slot reset If the device has not recovered after slot reset is called, it goes to out label for error handling. There it could make decision based on uninitialized hive pointer and could result in accessing an uninitialized list. Initialize the list and hive properly so that it handles the error situation and also releases the reset domain lock which is acquired during error_detected callback. (cherry picked from commit bb71362182e59caa227e4192da5a612b09349696)
Title drm/amdgpu: Fix error handling in slot reset
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:05:43.873Z

Reserved: 2026-01-13T15:37:46.000Z

Link: CVE-2026-23358

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:34.610

Modified: 2026-04-24T19:03:35.863

Link: CVE-2026-23358

cve-icon Redhat

Severity :

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23358 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:49:18Z

Weaknesses