{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23424", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.015Z", "datePublished": "2026-04-03T13:24:32.622Z", "dateUpdated": "2026-04-03T13:24:32.622Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T13:24:32.622Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Validate command buffer payload count\n\nThe count field in the command header is used to determine the valid\npayload size. Verify that the valid payload does not exceed the remaining\nbuffer space."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/amdxdna_ctx.c"], "versions": [{"version": "aac243092b707bb3018e951d470cc1a9bcbaba6c", "lessThan": "3464e751755172ddbb849c1bd92f5f59e95c59a1", "status": "affected", "versionType": "git"}, {"version": "aac243092b707bb3018e951d470cc1a9bcbaba6c", "lessThan": "3ed2ae6b3fe869f99b75afd02045ba5c0c0773e2", "status": "affected", "versionType": "git"}, {"version": "aac243092b707bb3018e951d470cc1a9bcbaba6c", "lessThan": "901ec3470994006bc8dd02399e16b675566c3416", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/amdxdna_ctx.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3464e751755172ddbb849c1bd92f5f59e95c59a1"}, {"url": "https://git.kernel.org/stable/c/3ed2ae6b3fe869f99b75afd02045ba5c0c0773e2"}, {"url": "https://git.kernel.org/stable/c/901ec3470994006bc8dd02399e16b675566c3416"}], "title": "accel/amdxdna: Validate command buffer payload count", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Validate command buffer payload count\n\nThe count field in the command header is used to determine the valid\npayload size. Verify that the valid payload does not exceed the remaining\nbuffer space."}], "id": "CVE-2026-23424", "lastModified": "2026-04-03T16:10:23.730", "metrics": {}, "published": "2026-04-03T14:16:28.623", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3464e751755172ddbb849c1bd92f5f59e95c59a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3ed2ae6b3fe869f99b75afd02045ba5c0c0773e2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/901ec3470994006bc8dd02399e16b675566c3416"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: accel/amdxdna: Validate command buffer payload count", "id": "2454768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454768"}, "csaw": false, "cwe": "CWE-787", "details": ["A flaw was found in the Linux kernel's accel/amdxdna component. This vulnerability arises from inadequate validation of the command buffer payload count, where the system fails to verify that the payload size does not exceed the available buffer space. An attacker could exploit this by providing a specially crafted command, potentially leading to memory corruption and system instability."], "name": "CVE-2026-23424", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23424\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23424\nhttps://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23424-7b21@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[aac243092b707bb3018e951d470cc1a9bcbaba6c,3464e751755172ddbb849c1bd92f5f59e95c59a1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[aac243092b707bb3018e951d470cc1a9bcbaba6c,3ed2ae6b3fe869f99b75afd02045ba5c0c0773e2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[aac243092b707bb3018e951d470cc1a9bcbaba6c,901ec3470994006bc8dd02399e16b675566c3416)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-03T17:36:01.150245+00:00", "value": {"mitigation_remediation": ["Apply a Linux kernel update that includes the accel/amdxdna command buffer count validation fix", "Verify the running kernel version contains the commit that fixed the issue", "If an immediate kernel upgrade is not possible, restrict access to the AMD/XDNA device to trusted users and monitor system logs for anomalies"], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in any Linux kernel build that contains the accel/amdxdna module before the validation fix. The CVE data does not list specific release numbers, so all kernel versions that include the affected code path remain susceptible until the kernel is updated to a version with the patched command buffer count check. Administrators should determine whether their current kernel contains the commit referenced in the CVE and apply updates accordingly.", "description_and_impact": "A flaw in the AMD/XDNA acceleration component of the Linux kernel permits an attacker to supply a command header with an unvalidated payload count. If the specified count exceeds the actual space available, the kernel may write beyond the intended buffer boundary, corrupting memory and potentially causing a kernel crash or reboot. The primary consequence is loss of availability, as the system or resident services could abruptly stop.", "risk_and_exploitability": "No CVSS or EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog, indicating that no active exploitation has been publicly reported. Based on the description, it is inferred that an attacker would need to interact with the AMD/XDNA driver, which usually requires local or privileged access. Because the exact conditions for a successful overflow are not documented, the likelihood of exploitation cannot be precisely assessed, but any successful overflow would likely result in a kernel crash."}}}}, "created": "2026-04-03T21:14:14.767112+00:00", "updated": "2026-04-03T21:16:30.522504+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-119"]}