#VU124947 Improper input validation in Linux kernel - CVE-2026-23424
Published: April 6, 2026
Vulnerability identifier: #VU124947
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23424
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the command buffer payload count handling in accel/amdxdna when parsing input. A local user can provide a specially crafted command buffer with an invalid payload count to cause a denial of service.
The issue is caused by using the count field in the command header to determine the valid payload size without ensuring that the payload does not exceed the remaining buffer space.
Remediation
Install security update from vendor's repository.