SB2026032084 - Type conversion in Linux kernel amd amdgpu driver
Published: March 20, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Type conversion (CVE-ID: CVE-2026-23264)
The vulnerability allows a local user to cause a denial of service, escalate privileges, or execute arbitrary code.
The vulnerability exists due to improper logic in the DRM/AMD GPU driver when handling PCIe ASPM (Active State Power Management) configuration for multi-GPU systems. A local user can trigger incorrect ASPM state evaluation on a system with multiple AMD GPUs where only one supports ASPM, leading to system crashes or instability that may be exploited to escalate privileges or execute arbitrary code.
The vulnerability specifically affects systems with two AMD GPUs where only one supports ASPM, and the flaw arises from reintroducing a previously reverted commit that did not account for per-device ASPM evaluation.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/243b467dea1735fed904c2e54d248a46fa417a2d
- https://git.kernel.org/stable/c/5b794951541e84d2968980a68dd1ac38420f75f3
- https://git.kernel.org/stable/c/5f645222eb30c91135119e12eccfd1b8ea88140e
- https://git.kernel.org/stable/c/d2bddc2da2b3ba5d738877c476bf97932dba32e8
- https://git.kernel.org/stable/c/f02c9052aaa031ef3c2285d86a155d4263180ddd