CVE-2026-23424
Buffer Overflow in Linux amdxdna Accelerator Command Buffer
Publication date: 2026-04-03
Last updated on: 2026-04-27
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.14 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.14.1 (inc) to 6.18.17 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the accel/amdxdna component of the Linux kernel, which did not properly validate the command buffer payload count. The count field in the command header determines the valid payload size, but it was not checked to ensure that the payload size does not exceed the remaining buffer space. As a result, the driver could handle a command whose declared payload is larger than the space left in the buffer.
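The kind of check the description says was missing, as an added example that is not the kernel's patch or the amdxdna driver's code. The `struct cmd_hdr` layout, the function names, and the assumption that `count` is expressed in 32-bit words are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical command layout for illustration; not the amdxdna structures. */
struct cmd_hdr {
    uint32_t opcode;
    uint32_t count;   /* declared payload length, in 32-bit words (assumed unit) */
};

/*
 * Return a pointer to the payload and store its byte length in *len,
 * or return NULL if the header or the declared payload does not fit
 * in the buf_size bytes actually allocated for the command.
 */
const uint32_t *cmd_payload_checked(const void *buf, size_t buf_size, size_t *len)
{
    struct cmd_hdr hdr;
    size_t remaining;

    if (!buf || !len || buf_size < sizeof(hdr))
        return NULL;
    memcpy(&hdr, buf, sizeof(hdr));   /* copy the header out of the buffer */

    remaining = buf_size - sizeof(hdr);
    /* Compare in words so the untrusted count is never multiplied first. */
    if (hdr.count > remaining / sizeof(uint32_t))
        return NULL;

    *len = (size_t)hdr.count * sizeof(uint32_t);
    return (const uint32_t *)((const uint8_t *)buf + sizeof(hdr));
}

/* Constructed sample: an 8-byte header followed by 4 payload words. */
int demo_check(uint32_t declared_count)
{
    uint32_t cmd[6] = { 1, declared_count, 0xa, 0xb, 0xc, 0xd };
    size_t len = 0;

    if (!cmd_payload_checked(cmd, sizeof(cmd), &len))
        return -1;                    /* rejected: count exceeds remaining space */
    return (int)len;                  /* accepted: payload length in bytes */
}
```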
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker to cause buffer overflows or memory corruption by sending a command with a payload size larger than the allocated buffer space. This could lead to system instability, crashes, or potentially the execution of arbitrary code within the kernel context.