SB2026032591 - Use of Uninitialized Variable in Linux kernel amd amdgpu driver




Published: March 25, 2026

Security Bulletin ID: SB2026032591
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Use of Uninitialized Variable (CVE-ID: CVE-2026-23358)

The vulnerability allows a local user to execute arbitrary code and escalate privileges.

The vulnerability exists due to improper initialization in the DRM/AMDGPU subsystem when handling error conditions during slot reset. A local user can trigger a use of uninitialized memory to execute arbitrary code and escalate privileges.

The issue arises from an uninitialized hive pointer and list, which may be accessed if the device fails to recover after a slot reset, leading to memory corruption.
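
The pattern described above, shown as an added user-space model rather than the amdgpu driver's own code: a cleanup label that is reached on every path, including the early failure, must only see initialized state. The names `slot_reset`, `struct hive`, `struct device`, `g_hive` and the list helpers are hypothetical stand-ins.

```c
#include <stddef.h>

/* Minimal stand-ins for the kernel's list_head helpers (user-space model). */
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}

struct hive { int refcount; };                      /* hypothetical */
struct device { struct list_head node; int resumed; };
static struct hive g_hive = { 0 };

/* Hypothetical slot-reset handler. recovered == 0 models the device failing
 * to come back after the reset, which sends control straight to cleanup. */
static int slot_reset(struct device *dev, int recovered, int *resumed_count)
{
    /* Vulnerable pattern: `struct hive *hive; struct list_head device_list;`
     * with no initializers, so the cleanup label reads stack garbage when
     * the early-failure goto is taken. Hardened: initialize before any goto. */
    struct hive *hive = NULL;
    struct list_head device_list;
    struct list_head *pos;
    int ret = 0;

    init_list_head(&device_list);
    *resumed_count = 0;

    if (!recovered) {
        ret = -1;
        goto out;               /* hive and device_list not yet populated */
    }

    hive = &g_hive;
    hive->refcount++;
    list_add_tail(&dev->node, &device_list);

out:
    /* Cleanup runs on every path, so it must be safe on empty state. */
    for (pos = device_list.next; pos != &device_list; pos = pos->next) {
        ((struct device *)pos)->resumed = 1;   /* node is the first member */
        (*resumed_count)++;
    }
    if (hive)
        hive->refcount--;
    return ret;
}
```

Kernels built with `CONFIG_INIT_STACK_ALL_ZERO` turn the garbage read into a NULL pointer and a zeroed list head, which is deterministic but still not a valid empty list, so explicit initialization is still required.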


Remediation

Install the update from the vendor's website.