#VU124179 Type conversion in Linux kernel - CVE-2026-23264

 


Published: March 20, 2026


Vulnerability identifier: #VU124179
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23264
CWE-ID: CWE-704
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service, escalate privileges, or execute arbitrary code.

The vulnerability exists due to improper logic in the DRM/AMD GPU driver when handling PCIe ASPM (Active State Power Management) configuration for multi-GPU systems. A local user can trigger incorrect ASPM state evaluation on a system with multiple AMD GPUs where only one supports ASPM, leading to system crashes or instability that may be exploited to escalate privileges or execute arbitrary code.

The vulnerability specifically affects systems with two AMD GPUs where only one supports ASPM, and the flaw arises from reintroducing a previously reverted commit that did not account for per-device ASPM evaluation.


Remediation

Install the security update from the vendor's repository.
