{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23328", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.996Z", "datePublished": "2026-03-25T10:27:20.559Z", "dateUpdated": "2026-04-13T06:05:07.155Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-13T06:05:07.155Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix NULL pointer dereference of mgmt_chann\n\nmgmt_chann may be set to NULL if the firmware returns an unexpected\nerror in aie2_send_mgmt_msg_wait(). This can later lead to a NULL\npointer dereference in aie2_hw_stop().\n\nFix this by introducing a dedicated helper to destroy mgmt_chann\nand by adding proper NULL checks before accessing it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/aie2_message.c", "drivers/accel/amdxdna/aie2_pci.c", "drivers/accel/amdxdna/aie2_pci.h"], "versions": [{"version": "b87f920b934426a24d54613f12ed67c03ae05024", "lessThan": "032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5", "status": "affected", "versionType": "git"}, {"version": "b87f920b934426a24d54613f12ed67c03ae05024", "lessThan": "6270ee26e1edd862ea17e3eba148ca8fb2c99dc9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/aie2_message.c", "drivers/accel/amdxdna/aie2_pci.c", "drivers/accel/amdxdna/aie2_pci.h"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5"}, {"url": "https://git.kernel.org/stable/c/6270ee26e1edd862ea17e3eba148ca8fb2c99dc9"}], "title": "accel/amdxdna: Fix NULL pointer dereference of mgmt_chann", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8411F259-2329-41C5-AD6F-0A4DF344AD10", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.14.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*", "matchCriteriaId": "7DE421BA-0600-4401-A175-73CAB6A6FB4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix NULL pointer dereference of mgmt_chann\n\nmgmt_chann may be set to NULL if the firmware returns an unexpected\nerror in aie2_send_mgmt_msg_wait(). This can later lead to a NULL\npointer dereference in aie2_hw_stop().\n\nFix this by introducing a dedicated helper to destroy mgmt_chann\nand by adding proper NULL checks before accessing it."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\naccel/amdxdna: Correcci\u00f3n de la desreferencia de puntero NULL de mgmt_chann\n\nmgmt_chann puede establecerse en NULL si el firmware devuelve un error inesperado en aie2_send_mgmt_msg_wait(). Esto puede llevar posteriormente a una desreferencia de puntero NULL en aie2_hw_stop().\n\nSe soluciona esto introduciendo una funci\u00f3n auxiliar dedicada para destruir mgmt_chann y a\u00f1adiendo comprobaciones de NULL adecuadas antes de acceder a \u00e9l."}], "id": "CVE-2026-23328", "lastModified": "2026-04-23T21:11:04.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:29.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6270ee26e1edd862ea17e3eba148ca8fb2c99dc9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann", "id": "2451251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451251"}, "csaw": false, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's accel/amdxdna component. An unexpected firmware error during message handling can cause a critical communication variable (mgmt_chann) to be set to NULL. This can lead to a NULL pointer dereference when the system attempts to stop hardware operations, resulting in a Denial of Service (DoS) that crashes the system."], "name": "CVE-2026-23328", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23328\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23328\nhttps://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23328-9600@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b87f920b934426a24d54613f12ed67c03ae05024,032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b87f920b934426a24d54613f12ed67c03ae05024,6270ee26e1edd862ea17e3eba148ca8fb2c99dc9)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T00:43:34.980530+00:00", "value": {"mitigation_remediation": ["Apply the Linux kernel patch that addresses CVE-2026-23328 (commit 032ca7a9 or later).", "Recompile the accel/amdxdna driver against the patched kernel after updating any AMD XDNA firmware.", "Reboot the system to load the new kernel.", "If a patch is not available, monitor for kernel crashes and plan for the update."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "This vulnerability affects Linux kernel versions 6.14 and 7.0 release candidates rc1 through rc7 as listed in the cpe data, and any earlier kernel versions before the patch commit.", "description_and_impact": "The flaw is a NULL pointer dereference in the accel/amdxdna driver, triggered when firmware returns an unexpected error. It can cause the kernel to crash during a hardware stop operation, leading to a denial of service.", "risk_and_exploitability": "The EPSS score is below 1%, and the vulnerability is not listed in CISA's KEV catalog, indicating a low exploitation likelihood. The CVSS score of 5.5 indicates moderate severity. The likely attack vector is local or privileged access, inferred because the flaw requires manipulating firmware or the driver. While the vulnerability does not provide remote code execution, an unpatched system could experience crashes that may disrupt operations."}}}}, "created": "2026-03-25T21:27:33.044382+00:00", "updated": "2026-04-29T00:45:26.170212+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}