SB20260325173 - Out-of-bounds write in Linux kernel accel amdxdna driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2026-23288)

The vulnerability allows a local user to cause memory corruption and potentially execute arbitrary code.

The vulnerability exists due to an out-of-bounds write in the accel/amdxdna component when handling command slots. A local user can trigger a specially crafted sequence of operations to cause an out-of-bounds memset operation prior to size validation, resulting in memory corruption.

The issue arises because the command header is cleared using memset() before validating that sufficient space is available in the command slot, which may lead to writing beyond the allocated bounds.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1110a949675ebd56b3f0286e664ea543f745801c
• https://git.kernel.org/stable/c/cca770d710d5e03bc814af585cd6975eb6d74074