Main Vulnerability Database SB20260325133

SB20260325133 - NULL Pointer Dereference in Linux kernel accel amdxdna driver

Published: March 25, 2026

Security Bulletin ID SB20260325133

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL Pointer Dereference (CVE-ID: CVE-2026-23328)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in the accel/amdxdna component when handling management channel operations. A local user can trigger improper handling of firmware error responses to cause a denial of service.

The issue arises when mgmt_chann is set to NULL due to an unexpected firmware error, which is later dereferenced during hardware stop operations.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/032ca7a9059c4ba6c329e0f1b442dab54dd9c3e5
https://git.kernel.org/stable/c/6270ee26e1edd862ea17e3eba148ca8fb2c99dc9