PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23469 Linux CVE debrief

A race condition in the Linux kernel's Imagination DRM driver can cause kernel panics when the GPU enters runtime power management suspend while an interrupt handler is active on another CPU core. The vulnerability stems from the runtime PM suspend callback failing to synchronize with in-progress IRQ handlers before powering down the GPU. When this race occurs, the IRQ handler may attempt to access GPU registers after the device has been suspended, triggering an SError interrupt and kernel panic. The issue affects Linux kernel versions 6.8 through 6.18.19, 6.19 through 6.19.9, and 7.0-rc1 through 7.0-rc4. The fix adds synchronize_irq() calls in the power-off sequence to wait for IRQ handlers to complete, and removes problematic runtime PM resume/put calls from the threaded IRQ handler that could cause deadlocks.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 4.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-03
Original CVE updated
2026-05-26
Advisory published
2026-04-03
Advisory updated
2026-05-26

Who should care

Organizations running Linux kernel 6.8 or later on ARM64 platforms with Imagination PowerVR GPUs, particularly embedded systems using runtime power management (e.g., Texas Instruments AM68 SK and similar industrial/edge platforms)

Technical summary

The Imagination DRM driver in the Linux kernel contains a race condition between the runtime power management (PM) suspend callback and the GPU's interrupt handler. The suspend callback does not synchronize with IRQ handlers running on other CPU cores before powering down the GPU. This can result in the IRQ handler executing GPU register accesses after the device has been suspended, causing asynchronous SError interrupts and kernel panics. The crash signature shows the fault occurring in pvr_riscv_irq_pending() during the threaded IRQ handler execution. The fix implements proper IRQ synchronization using synchronize_irq() in the power-off sequence and removes incorrect runtime PM resume/put calls from the IRQ handler that could introduce deadlocks.

Defensive priority

medium

Recommended defensive actions

  • Apply official kernel patches from stable branches to affected systems running Linux kernel 6.8+ with Imagination GPU support
  • Prioritize patching systems utilizing runtime power management on platforms with Imagination GPUs (e.g., TI AM68 SK)
  • Monitor kernel logs for SError interrupts or GPU-related crashes as indicators of potential exploitation of this race condition
  • Consider disabling runtime power management for the GPU as a temporary mitigation if patching is not immediately feasible, accepting increased power consumption
  • Review system stability after kernel updates, particularly on ARM64 platforms with Imagination PowerVR GPUs

Evidence notes

CVE published 2026-04-03; NVD entry modified 2026-05-26. Official kernel patches available via git.kernel.org stable branches. CVSS 4.7 (MEDIUM) with vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization). Affected versions confirmed via NVD CPE criteria: 6.8 to 6.18.19, 6.19 to 6.19.9, and 7.0-rc1 through rc4.

Official resources

2026-04-03