PatchSiren cyber security CVE debrief
CVE-2026-23280 Linux CVE debrief
CVE-2026-23280 is a Linux kernel vulnerability in the accel/amdxdna path where a ubuf size calculation can overflow before allocation. That can lead to an undersized allocation and possible memory corruption. NVD marks the issue as HIGH severity with local attack conditions and references upstream kernel patches that add overflow checking.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-25
- Original CVE updated: 2026-05-22
- Advisory published: 2026-03-25
- Advisory updated: 2026-05-22
Who should care
Linux kernel maintainers, distro security teams, and organizations running affected kernel builds on systems using AMD XDNA accelerator support should prioritize this issue. It is also relevant to any security team responsible for endpoints or servers where local kernel compromise or memory corruption would be high impact.
Technical summary
The reported flaw is an integer overflow in the ubuf size computation in the Linux kernel's accel/amdxdna code. If the calculated size wraps, the code may allocate less memory than intended and then operate on that undersized buffer, creating a memory corruption risk: the later accesses are driven by the original, unwrapped count, not by the size that was actually allocated. NVD lists the affected Linux kernel ranges as 6.18 up to but not including 6.18.17, 6.19 up to but not including 6.19.7, and 7.0-rc1. The upstream fixes referenced by NVD use check_add_overflow() helpers to validate the size calculation before allocation, so a request that would wrap is rejected instead of being allocated short.
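The following C program is an added illustration of the bug class described above, not the amdxdna driver code and not taken from the referenced patches. It assumes a hypothetical buffer layout (a 64-byte header followed by caller-supplied 16-byte entries) and sizes it in 32-bit arithmetic, first unchecked and then with the same compiler builtins that the kernel's check_mul_overflow() and check_add_overflow() helpers wrap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request layout used only for this illustration: the caller
 * supplies nr_entries, each entry is 16 bytes, and a 64-byte header precedes
 * them. The real amdxdna ubuf layout is not described on this page. */
#define UBUF_HDR_SIZE   64u
#define UBUF_ENTRY_SIZE 16u

/* Unchecked form: 32-bit arithmetic on a caller-chosen count wraps silently
 * (unsigned wrap is well defined in C), so a huge nr_entries can produce a
 * small allocation size. */
uint32_t ubuf_size_unchecked(uint32_t nr_entries)
{
    return UBUF_HDR_SIZE + nr_entries * UBUF_ENTRY_SIZE;
}

/* Checked form, modelled on the kernel's check_mul_overflow() and
 * check_add_overflow() helpers, which wrap these compiler builtins.
 * Returns 0 (impossible for a valid size, since the header alone is 64
 * bytes) when either step would wrap; otherwise the exact size. */
uint32_t ubuf_size_checked(uint32_t nr_entries)
{
    uint32_t entries_bytes, total;

    if (__builtin_mul_overflow(nr_entries, UBUF_ENTRY_SIZE, &entries_bytes))
        return 0;
    if (__builtin_add_overflow(UBUF_HDR_SIZE, entries_bytes, &total))
        return 0;
    return total;
}

/* The consequence of a wrap: bytes a copy loop driven by nr_entries would
 * actually touch (computed without truncation) versus bytes the unchecked
 * size would allocate. True means the unchecked path writes past the end. */
bool unchecked_size_is_short(uint32_t nr_entries)
{
    uint64_t needed = (uint64_t)UBUF_HDR_SIZE +
                      (uint64_t)nr_entries * UBUF_ENTRY_SIZE;
    return needed > ubuf_size_unchecked(nr_entries);
}

int main(void)
{
    /* Constructed inputs: 4 is benign; 0x10000001 * 16 = 0x1_0000_0010
     * truncates to 0x10 (multiply wraps, unchecked size 80 bytes);
     * 0x0FFFFFFF * 16 = 0xFFFFFFF0 fits, but adding the header wraps to 48,
     * which is why the add is checked as well as the multiply. */
    const uint32_t counts[] = { 4u, 0x10000001u, 0x0FFFFFFFu };

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        uint32_t n = counts[i];
        printf("nr_entries=%#x unchecked=%u checked=%u short=%s\n",
               n, ubuf_size_unchecked(n), ubuf_size_checked(n),
               unchecked_size_is_short(n) ? "yes" : "no");
    }
    return 0;
}
```

The third input is the one worth remembering when reviewing a fix: a multiply-only check passes it, and only the separate check on the final addition catches the wrap. A fix that validates one operation but not the other leaves the same undersized-allocation outcome reachable.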
Defensive priority
High. The CVSS vector rates the attack vector as local, and the flaw can corrupt kernel memory, so a successful exploit would have severe confidentiality, integrity, and availability consequences. Patch priority should be elevated for systems running affected kernel versions. The reachable surface depends on whether the amdxdna driver is built, loaded, and backed by an AMD XDNA device on a given host, so hosts with that support present come first, but kernels in the affected ranges should be remediated regardless where kernel hardening posture is a concern.
Recommended defensive actions
- Upgrade to a kernel release that includes the upstream fix referenced by the official patch links.
- For supported distributions, install the vendor backport that corresponds to the affected kernel branch.
- Verify whether any deployed kernels fall within the affected ranges listed by NVD: 6.18 through <6.18.17, 6.19 through <6.19.7, and 7.0-rc1.
- Prioritize hosts that use or expose AMD XDNA accelerator functionality.
- Monitor kernel vendor advisories and changelogs for the amdxdna overflow fix and confirm remediation in build pipelines.
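As an added check for the version-range step above, not part of the NVD record or this debrief's source, the following C program compares a kernel release string against the NVD-listed ranges (6.18 before 6.18.17, 6.19 before 6.19.7, and 7.0-rc1) and, when run directly, reports the verdict for the running kernel via uname(2). The parser's assumption that uname -r has the shape major.minor[.patch][-suffix] and the treatment of 7.0-rc1 as the string "7.0.0-rc1" are the author's assumptions, not facts from the record.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

struct kver {
    int major, minor, patch;
    int rc; /* release-candidate number, 0 for a stable release */
};

/* Parse strings such as "6.18.5-arch1-1", "6.19.0-rc3", "7.0.0-rc1".
 * Returns false if the string does not start with major.minor. A missing
 * patch level is treated as 0. Assumed format, not taken from the record. */
static bool parse_kver(const char *s, struct kver *v)
{
    char *end;
    const char *rc;

    memset(v, 0, sizeof(*v));
    v->major = (int)strtol(s, &end, 10);
    if (end == s || *end != '.')
        return false;
    s = end + 1;
    v->minor = (int)strtol(s, &end, 10);
    if (end == s)
        return false;
    if (*end == '.') {
        s = end + 1;
        v->patch = (int)strtol(s, &end, 10);
        if (end == s)
            return false;
    }
    rc = strstr(end, "-rc");
    if (rc)
        v->rc = (int)strtol(rc + 3, NULL, 10);
    return true;
}

/* The NVD ranges quoted on this page. 6.18.0-rcN and 6.19.0-rcN strings
 * fall inside the first two branches, which is deliberately conservative. */
static bool kver_affected(const struct kver *v)
{
    if (v->major == 6 && v->minor == 18)   /* 6.18 up to, not incl., 6.18.17 */
        return v->patch < 17;
    if (v->major == 6 && v->minor == 19)   /* 6.19 up to, not incl., 6.19.7 */
        return v->patch < 7;
    if (v->major == 7 && v->minor == 0 && v->patch == 0 && v->rc == 1)
        return true;                       /* 7.0-rc1, listed explicitly */
    return false;
}

/* 1 = inside an NVD-listed affected range, 0 = outside the listed ranges,
 * -1 = release string could not be parsed. */
int release_status(const char *release)
{
    struct kver v;

    if (!parse_kver(release, &v))
        return -1;
    return kver_affected(&v) ? 1 : 0;
}

int main(void)
{
    struct utsname u;
    int st;

    if (uname(&u) != 0) {
        perror("uname");
        return 2;
    }
    st = release_status(u.release);
    printf("running kernel %s: %s\n", u.release,
           st == 1 ? "within an NVD-listed affected range" :
           st == 0 ? "outside the NVD-listed ranges" :
                     "unparseable release string");
    return st == 1 ? 1 : 0;
}
```

Two caveats when using this on a fleet. Distribution kernels keep the upstream version string while carrying backports, so a hit here means "check the vendor changelog for the amdxdna overflow fix", not "vulnerable"; and "outside the listed ranges" is only a statement about the NVD CPE data, not a proof that the build is safe.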
Evidence notes
The description and severity are taken from the supplied NVD record. NVD classifies the issue as analyzed and links three official kernel patch references on git.kernel.org. The affected version ranges are taken from the NVD CPE criteria included in the source corpus. No exploit mechanism beyond the described size overflow and possible memory corruption is asserted here.
Official resources
- CVE-2026-23280 CVE record (CVE.org)
- CVE-2026-23280 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference (three entries, one per upstream git.kernel.org patch link; the link URLs are not carried in the stored evidence): 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
CVE-2026-23280 was published on 2026-03-25 and last modified on 2026-05-22 in the supplied NVD source. The official record references upstream Linux kernel patches on git.kernel.org for remediation.