SB20260406111 - Improper input validation in Linux kernel accel amdxdna driver
Published: April 6, 2026
Security Bulletin ID
SB20260406111
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2026-23424)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the command buffer payload count handling in accel/amdxdna when parsing input. A local user can provide a specially crafted command buffer with an invalid payload count to cause a denial of service.
The issue is caused by using the count field in the command header to determine the valid payload size without ensuring that the payload does not exceed the remaining buffer space.
Remediation
Install update from vendor's website.