CVE-2026-23288

EUVD-2026-15216
In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix out-of-bounds memset in command slot handling

The remaining space in a command slot may be smaller than the size of
the command header. Clearing the command header with memset() before
verifying the available slot space can result in an out-of-bounds write
and memory corruption.

Fix this by moving the memset() call after the size validation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.19.4 ≤
𝑥
< 6.19.7
linuxlinux_kernel
7.0:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/1110a949675ebd56b3f0286e664ea543f745801c
https://git.kernel.org/stable/c/cca770d710d5e03bc814af585cd6975eb6d74074