PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45931 Linux CVE debrief

A use-after-free vulnerability in the Linux kernel's AMD XDNA AI accelerator driver (accel/amdxdna) could allow local attackers to trigger system crashes. The flaw occurs when the IOMMU Shared Virtual Address (SVA) unbind operation accesses a memory management (mm) structure that has already been freed. The fix ensures the mm structure reference is held for the entire SVA bind/unbind lifetime by explicitly taking a reference after successful device binding and releasing it only after unbinding completes.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations running Linux systems with AMD XDNA AI accelerator hardware, particularly those in multi-user environments where local access cannot be fully restricted. Cloud providers and HPC facilities offering AMD XDNA-based instances should prioritize kernel updates.

Technical summary

The accel/amdxdna driver in the Linux kernel contains a use-after-free vulnerability in its IOMMU SVA (Shared Virtual Address) handling code. When iommu_sva_unbind_device() is called, it may access the iommu_mm structure after the associated mm (memory management) structure has been freed, leading to a kernel crash. The root cause is improper lifetime management of the mm structure reference across the SVA bind/unbind operations. The resolution adds explicit reference counting: mmget() is called after successful device binding, and mmput() is called only after the device is fully unbound, ensuring the mm structure remains valid throughout the entire SVA lifecycle. This vulnerability affects systems with AMD XDNA AI accelerators and requires local access to trigger.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable tree commits when available from your Linux distribution
  • Monitor vendor security advisories for kernel package updates addressing this vulnerability
  • If running systems with AMD XDNA AI accelerators, prioritize patching to prevent potential local denial-of-service conditions
  • Review system logs for any prior crashes in iommu_sva_unbind_device() that may indicate exploitation attempts
  • Consider restricting local access to systems with AMD XDNA hardware until patches can be applied

Evidence notes

The vulnerability description indicates this was discovered through testing that triggered crashes in iommu_sva_unbind_device(). The fix involves proper reference counting of the mm structure across the SVA bind/unbind lifecycle. Three kernel stable tree commits are referenced, suggesting backports to multiple kernel versions.

Official resources

2026-05-27