Type conversion in Linux kernel - CVE-2026-23264

 

Published: March 20, 2026


Vulnerability identifier: #VU124179
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23264
CWE-ID: CWE-704
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service, escalate privileges, or execute arbitrary code.

The vulnerability exists due to improper logic in the DRM/AMD GPU driver when handling PCIe ASPM (Active State Power Management) configuration for multi-GPU systems. A local user can trigger incorrect ASPM state evaluation on a system with multiple AMD GPUs where only one supports ASPM, leading to system crashes or instability that may be exploited to escalate privileges or execute arbitrary code.

The vulnerability specifically affects systems with two AMD GPUs where only one supports ASPM, and the flaw arises from reintroducing a previously reverted commit that did not account for per-device ASPM evaluation.
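To triage whether a host has the hardware configuration described above, the following added example (not part of the advisory or the kernel source) parses `lspci -vv -nn` output and reports whether the AMD GPUs disagree on ASPM support. It generalizes the advisory's two-GPU case to two or more GPUs. The function names and the sample output are constructed for illustration, and the check says nothing about whether the running kernel already carries the fix.

```python
import re
import sys

# Header line of `lspci -vv -nn`: slot, display class code [03xx], PCI vendor 1002 (AMD).
HEADER = re.compile(r"^(\S+) .*?\[(03[0-9a-f]{2})\]: .*\[1002:[0-9a-f]{4}\]")
# Link Capabilities line; the ASPM field reads "L0s L1", "L1", "not supported", ...
LNKCAP = re.compile(r"^\s+LnkCap:.*?ASPM ([^,]+)")

# Constructed sample (not captured from a real host): two AMD GPUs and one Intel GPU.
SAMPLE = """\
03:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Example GPU A [1002:aaaa]
\tCapabilities: [64] Express (v2) Legacy Endpoint, MSI 00
\t\tLnkCap:\tPort #0, Speed 16GT/s, Width x16, ASPM L0s L1, Exit Latency L0s <64ns, L1 <1us
0a:00.0 Display controller [0380]: Advanced Micro Devices, Inc. [AMD/ATI] Example GPU B [1002:bbbb]
\tCapabilities: [64] Express (v2) Legacy Endpoint, MSI 00
\t\tLnkCap:\tPort #0, Speed 8GT/s, Width x8, ASPM not supported
00:02.0 VGA compatible controller [0300]: Intel Corporation Example iGPU [8086:cccc]
\tCapabilities: <access denied>
"""

def amd_gpu_aspm(lspci_text):
    """Map each AMD display device slot to True/False (ASPM advertised in LnkCap),
    or None when LnkCap was not readable (e.g. lspci run without root)."""
    gpus, current = {}, None
    for line in lspci_text.splitlines():
        if line and not line[0].isspace():          # start of a new device record
            m = HEADER.match(line)
            current = m.group(1) if m else None
            if current:
                gpus[current] = None
        elif current and gpus[current] is None:
            m = LNKCAP.match(line)
            if m:
                gpus[current] = m.group(1).strip() != "not supported"
    return gpus

def matches_advisory_config(gpus):
    """True when two or more AMD GPUs are present and they disagree on ASPM support."""
    states = set(gpus.values())
    return len(gpus) >= 2 and True in states and False in states

if __name__ == "__main__":
    # Pipe real output in (sudo lspci -vv -nn | python3 script.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    gpus = amd_gpu_aspm(text)
    print(gpus, "matches advisory configuration:", matches_advisory_config(gpus))
```

A `None` value for a GPU means the capability list was hidden from an unprivileged `lspci`, so rerun as root before concluding the host is not in scope.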


How to mitigate CVE-2026-23264

Install the security update from the vendor's repository.
