SB20260325118 - Cryptographic Issues in Linux kernel amd amdgpu driver



SB20260325118 - Cryptographic Issues in Linux kernel amd amdgpu driver

Published: March 25, 2026

Security Bulletin ID SB20260325118
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Cryptographic Issues (CVE-ID: CVE-2026-23338)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper input validation in the drm/amdgpu/userq component when handling ioctl calls with a too small num_fences parameter. A local user can provide a specially crafted input to cause the kernel to emit warnings, leading to unnecessary logging and potential system disruption.

The attacker needs local system access and no additional privileges or user interaction beyond the ability to invoke the vulnerable ioctl.


Remediation

Install update from vendor's website.