Cryptographic Issues in Linux kernel - CVE-2026-23338

 

Cryptographic Issues in Linux kernel - CVE-2026-23338

Published: March 25, 2026


Vulnerability identifier: #VU124509
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23338
CWE-ID: CWE-310
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper input validation in the drm/amdgpu/userq component when handling ioctl calls with a too small num_fences parameter. A local user can provide a specially crafted input to cause the kernel to emit warnings, leading to unnecessary logging and potential system disruption.

The attacker needs local system access and no additional privileges or user interaction beyond the ability to invoke the vulnerable ioctl.


How to mitigate CVE-2026-23338

Install security update from vendor's repository.

Sources