Cyber Resilience

CVE-2026-23288

High · Updated

Published: 25 March 2026
Modified: 29 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23288 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 6.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23288 is a memory corruption vulnerability in the Linux kernel's accel/amdxdna driver, which handles command slots for AMD XDNA accelerators. The issue arises when the remaining space in a command slot is smaller than the size of the command header, but a memset() operation clears the header before validating the available slot space. This leads to an out-of-bounds write, potentially corrupting adjacent memory.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables high-impact confidentiality, integrity, and availability violations, such as arbitrary code execution, privilege escalation, or system denial of service through memory corruption.

The provided patch commits on git.kernel.org address the issue by relocating the memset() call to after the size validation check, ensuring the operation only occurs when sufficient slot space is confirmed. The fixes are available at https://git.kernel.org/stable/c/1110a949675ebd56b3f0286e664ea543f745801c and https://git.kernel.org/stable/c/cca770d710d5e03bc814af585cd6975eb6d74074.
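The ordering problem described above, shown as an added example that is neither the driver's code nor the upstream patch: the same header write with the memset() before the space check and with it after. The struct, buffer and function names are hypothetical, and guard bytes stand in for adjacent memory so the stray write is observable without leaving the test buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration; not the amdxdna driver's structures. */
struct cmd_hdr { uint32_t opcode, count, flags, rsvd; };   /* 16 bytes */
#define SLOT_SIZE  32u
#define GUARD_BYTE 0xA5
/* Bytes [0, SLOT_SIZE) are the slot; 16 guard bytes after it stand in for adjacent memory. */
static uint8_t mem[SLOT_SIZE + 16];
static void arena_reset(void) { memset(mem, GUARD_BYTE, sizeof(mem)); }

static int guard_intact(void)
{
    for (size_t i = SLOT_SIZE; i < sizeof(mem); i++)
        if (mem[i] != GUARD_BYTE) return 0;
    return 1;
}

/* Before: the header is cleared first and the space check comes too late.
 * The demo keeps offset <= SLOT_SIZE so the stray write lands in the guard bytes. */
static int put_hdr_clear_first(size_t offset, uint32_t opcode)
{
    struct cmd_hdr hdr = { .opcode = opcode };
    memset(mem + offset, 0, sizeof(hdr));          /* may run past the slot */
    if (offset > SLOT_SIZE || SLOT_SIZE - offset < sizeof(hdr)) return -1;
    memcpy(mem + offset, &hdr, sizeof(hdr));
    return 0;
}

/* After: validate the remaining space, then clear and fill the header. */
static int put_hdr_check_first(size_t offset, uint32_t opcode)
{
    struct cmd_hdr hdr = { .opcode = opcode };
    if (offset > SLOT_SIZE || SLOT_SIZE - offset < sizeof(hdr)) return -1;
    memset(mem + offset, 0, sizeof(hdr));
    memcpy(mem + offset, &hdr, sizeof(hdr));
    return 0;
}

int main(void)
{
    arena_reset();
    int rc = put_hdr_clear_first(24, 1);           /* only 8 bytes remain in the slot */
    printf("clear-first: rc=%d guard_intact=%d\n", rc, guard_intact());
    arena_reset();
    rc = put_hdr_check_first(24, 1);
    printf("check-first: rc=%d guard_intact=%d\n", rc, guard_intact());
    return 0;
}
```

Both variants reject the request with the same return code, so the difference only shows up in the memory after the slot.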

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Fix out-of-bounds memset in command slot handling

The remaining space in a command slot may be smaller than the size of the command header. Clearing the command header with memset() before verifying the available slot space can result in an out-of-bounds write and memory corruption. Fix this by moving the memset() call after the size validation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local memory corruption in a kernel driver directly enables privilege escalation via an out-of-bounds write leading to arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-43048 · Same product: Linux Linux Kernel
CVE-2026-23406 · Same product: Linux Linux Kernel
CVE-2024-57998 · Same product: Linux Linux Kernel
CVE-2026-31641 · Same product: Linux Linux Kernel
CVE-2026-23099 · Same product: Linux Linux Kernel
CVE-2026-31675 · Same product: Linux Linux Kernel
CVE-2026-31570 · Same product: Linux Linux Kernel
CVE-2026-23407 · Same product: Linux Linux Kernel
CVE-2025-71112 · Same product: Linux Linux Kernel
CVE-2026-43025 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 6.19.4 — 6.19.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation through kernel patching directly eliminates the out-of-bounds memset vulnerability in the amdxdna driver.

prevent

Memory protection mechanisms such as KASLR and SMEP prevent exploitation of memory corruption via out-of-bounds writes in kernel drivers.

prevent

Validating command slot inputs, including size checks before memory operations, addresses the root cause of insufficient space validation leading to corruption.

References