CVE-2026-23338
Received Received - Intake
Kernel Warning Suppression Flaw in Linux AMDGPU DRM User Queue

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two calls to the userq wait ioctl. In both cases we do not want the emit the kernel warning backtrace since nothing is wrong with the kernel and userspace will simply get an errno reported back. So lets simply drop the WARN_ONs. (cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-05-07
AI Q&A
2026-03-25
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23338
EUVD
EUVD-2026-15304
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.16
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.16.1 (inc) to 6.18.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's drm/amdgpu/userq component. It involves userspace being able to trigger kernel warnings trivially by passing a too small num_fences value or when the required number of fences legitimately grows between two calls to the userq wait ioctl.

The issue is that these conditions cause kernel warnings and backtraces to be emitted, even though nothing is actually wrong with the kernel itself. The fix was to remove these WARN_ONs so that userspace simply receives an errno error code instead of triggering kernel warnings.


How can this vulnerability impact me? :

This vulnerability can cause unnecessary kernel warnings and backtraces to be generated when userspace applications interact with the drm/amdgpu/userq interface. While this does not indicate a kernel fault, it can lead to confusion, cluttered logs, and potentially impact system stability or debugging processes.

The fix prevents these trivial warnings, ensuring that userspace only receives appropriate error codes without causing kernel warnings.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by removing kernel warnings triggered by userspace in the drm/amdgpu/userq component of the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix (cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c).


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart