#VU124573 Empty Exception Block in Linux kernel - CVE-2026-23295

 

Published: March 25, 2026


Vulnerability identifier: #VU124573
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23295
CWE-ID: CWE-1069
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a deadlock condition in the AMDXDNA driver when handling IOCTL queries during device suspend and resume operations. A local user can issue a specially crafted IOCTL request during an auto-suspend cycle to trigger a deadlock, resulting in a denial of service.

The system must be in the process of suspending or resuming, and the attacker must have access to the device interface.


Remediation

Install the security update from the vendor's repository.

External links