Out-of-bounds write in Linux kernel - CVE-2026-23288
Published: March 25, 2026
Vulnerability identifier: #VU124579
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23288
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause memory corruption and potentially execute arbitrary code.
The vulnerability exists due to an out-of-bounds write in the accel/amdxdna component when handling command slots. A local user can trigger a specially crafted sequence of operations to cause an out-of-bounds memset operation prior to size validation, resulting in memory corruption.
The issue arises because the command header is cleared using memset() before validating that sufficient space is available in the command slot, which may lead to writing beyond the allocated bounds.
How to mitigate CVE-2026-23288
Install security update from vendor's repository.