{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23280", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:41.088Z", "dateUpdated": "2026-05-11T22:03:48.688Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:03:48.688Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Prevent ubuf size overflow\n\nThe ubuf size calculation may overflow, resulting in an undersized\nallocation and possible memory corruption.\n\nUse check_add_overflow() helpers to validate the size calculation before\nallocation."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/amdxdna_ubuf.c"], "versions": [{"version": "bd72d4acda1069579b35123e3cc0b21ec1193a21", "lessThan": "1500b31db94374a6669e73ce94d6f71cf8e85e06", "status": "affected", "versionType": "git"}, {"version": "bd72d4acda1069579b35123e3cc0b21ec1193a21", "lessThan": "972bf4a23478fcb247b4f507d47a584bc8aea5bd", "status": "affected", "versionType": "git"}, {"version": "bd72d4acda1069579b35123e3cc0b21ec1193a21", "lessThan": "03808abb1d868aed7478a11a82e5bb4b3f1ca6d6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/accel/amdxdna/amdxdna_ubuf.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1500b31db94374a6669e73ce94d6f71cf8e85e06"}, {"url": "https://git.kernel.org/stable/c/972bf4a23478fcb247b4f507d47a584bc8aea5bd"}, {"url": "https://git.kernel.org/stable/c/03808abb1d868aed7478a11a82e5bb4b3f1ca6d6"}], "title": "accel/amdxdna: Prevent ubuf size overflow", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Prevent ubuf size overflow\n\nThe ubuf size calculation may overflow, resulting in an undersized\nallocation and possible memory corruption.\n\nUse check_add_overflow() helpers to validate the size calculation before\nallocation."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\naccel/amdxdna: Prevenir desbordamiento del tama\u00f1o de ubuf\n\nEl c\u00e1lculo del tama\u00f1o de ubuf puede desbordarse, resultando en una asignaci\u00f3n de tama\u00f1o insuficiente y posible corrupci\u00f3n de memoria.\n\nUsar ayudantes check_add_overflow() para validar el c\u00e1lculo del tama\u00f1o antes de la asignaci\u00f3n."}], "id": "CVE-2026-23280", "lastModified": "2026-04-02T15:16:30.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-03-25T11:16:22.523", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/03808abb1d868aed7478a11a82e5bb4b3f1ca6d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1500b31db94374a6669e73ce94d6f71cf8e85e06"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/972bf4a23478fcb247b4f507d47a584bc8aea5bd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: accel/amdxdna: Prevent ubuf size overflow", "id": "2451197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451197"}, "csaw": false, "cwe": "CWE-190", "details": ["A flaw was found in the Linux kernel's accel/amdxdna component. The calculation for the ubuf size may overflow, leading to an undersized memory allocation. This can result in memory corruption, potentially allowing an attacker to cause a denial of service or execute arbitrary code."], "name": "CVE-2026-23280", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23280\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23280\nhttps://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23280-cd9e@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bd72d4acda1069579b35123e3cc0b21ec1193a21,1500b31db94374a6669e73ce94d6f71cf8e85e06)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bd72d4acda1069579b35123e3cc0b21ec1193a21,972bf4a23478fcb247b4f507d47a584bc8aea5bd)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[bd72d4acda1069579b35123e3cc0b21ec1193a21,03808abb1d868aed7478a11a82e5bb4b3f1ca6d6)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-02T17:36:14.748606+00:00", "value": {"mitigation_remediation": ["Apply a Linux kernel release that contains the check_add_overflow patch", "Verify that the kernel version is newer than the commit that added the fix", "Reboot the system after updating the kernel to ensure the updated modules are used", "Check system logs for any failures or corruption messages related to the accelerator driver"], "summary": {"action": "Patch", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "Affected is the Linux kernel, specifically the accel/amdxdna code path. Any kernel version released before the commit that introduces check_add_overflow is vulnerable. Users should verify that their kernel includes the patch or that the kernel version is newer than the fix commit.", "description_and_impact": "The vulnerability exists in the Linux kernel component accel/amdxdna, where an integer overflow can occur during the calculation of the ubuf size. This overflow produces an undersized allocation and can lead to kernel memory corruption as described in the CVE. The weakness is identified as an integer over\u2011flow condition, CWE\u2011190.", "risk_and_exploitability": "The CVSS base score of 7.8 indicates high severity, while the EPSS score of less than 1\u202f% suggests that exploitation is currently unlikely. The vulnerability is not present in the CISA KEV catalog. Based on the description, the likely required condition is local or privileged access to the AMD DNA accelerator driver or the ability to load code that interacts with the vulnerable memory calculation. A remote attacker would need an additional vector to gain kernel execution, so direct exploitation is not straightforward. The high score and memory corruption nature warrant timely remediation."}}}}, "created": "2026-03-25T21:15:50.270391+00:00", "updated": "2026-04-02T20:23:11.757200+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}