CVE-2026-23328
Received Received - Intake
NULL Pointer Dereference in Linux Kernel AMD XDNA accel Component

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL pointer dereference in aie2_hw_stop(). Fix this by introducing a dedicated helper to destroy mgmt_chann and by adding proper NULL checks before accessing it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23328
EUVD
EUVD-2026-15284
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.14
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.14.1 (inc) to 6.19.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's accel/amdxdna component. It involves a NULL pointer dereference related to the variable mgmt_chann. Specifically, mgmt_chann may be set to NULL if the firmware returns an unexpected error during the function aie2_send_mgmt_msg_wait(). Later, when the function aie2_hw_stop() tries to access mgmt_chann without checking if it is NULL, it can cause a NULL pointer dereference, potentially leading to a crash or other unintended behavior.

The fix involved adding a dedicated helper function to properly destroy mgmt_chann and introducing NULL checks before accessing it to prevent dereferencing a NULL pointer.

Impact Analysis

A NULL pointer dereference in the Linux kernel can cause the affected system to crash or become unstable. This may lead to denial of service conditions where the system or certain functionalities stop working unexpectedly.

Mitigation Strategies

The vulnerability in the Linux kernel related to a NULL pointer dereference in the accel/amdxdna component has been fixed by adding proper NULL checks and a helper to destroy mgmt_chann.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23328. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart