CVE-2026-23264
Analyzed Analyzed - Analysis Complete
Use-After-Free in Linux AMDGPU Driver Causes System Crashes

Publication date: 2026-03-18

Last updated on: 2026-05-29

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after commit 0ab5d711ec74 ("drm/amd: Refactor `amdgpu_aspm` to be evaluated per device") removed it, leading to very hard to debug crashes, when used with a system with two AMD GPUs of which only one supports ASPM. (cherry picked from commit 97a9689300eb2b393ba5efc17c8e5db835917080)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-05-29
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23264
EUVD
EUVD-2026-12903
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.7 (inc) to 6.12.70 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.124 (exc)
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.10 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.18 (inc) to 6.1.163 (exc)
linux linux_kernel From 5.15.54 (inc) to 5.16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel where a specific commit related to AMD GPU power management (ASPM) was reverted incorrectly. The reverted commit was meant to check if ASPM (Active State Power Management) is enabled from the PCIe subsystem. After a later commit removed this check, the reverted commit was mistakenly applied again, causing very hard to debug crashes on systems with two AMD GPUs when only one supports ASPM.

Impact Analysis

The vulnerability can cause very hard to debug system crashes on machines that have two AMD GPUs where only one of the GPUs supports ASPM. This can lead to system instability and potential downtime.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23264. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart