CVE-2026-45980 Linux CVE debrief

Who should care

Organizations running Linux systems with AMD XDNA AI accelerators (Ryzen AI, Instinct MI series with XDNA) should prioritize patching. Cloud providers and HPC environments utilizing AMD AI hardware for inference or training workloads are particularly affected. System administrators managing kernel versions with the accel/amdxdna driver enabled should monitor for distribution-specific security updates.

Technical summary

The AMD XDNA AI accelerator driver in the Linux kernel contains a race condition where job scheduling continues while hardware context resources are being released via aie2_release_resource(). This can result in use-after-free conditions and system crashes. The vulnerability is addressed by: (1) stopping job scheduling before calling aie2_release_resource(), (2) restarting scheduling after resource release completes, and (3) adding an active context check in aie2_sched_job_run() to prevent operations on released contexts. The fix involves synchronization changes to prevent concurrent access during the resource lifecycle transition.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the referenced stable tree commits when available from your Linux distribution
• Monitor vendor security advisories for AMD XDNA driver updates
• Review systems utilizing AMD XDNA AI accelerators for kernel patch status
• Consider disabling AMD XDNA acceleration if not required and patches are unavailable

Evidence notes

Vulnerability disclosed via Linux kernel stable tree commits on 2026-05-27. The issue affects the AMD XDNA AI accelerator driver subsystem. Three stable kernel commits provided as references. No CVSS score assigned by NVD at time of disclosure (status: Awaiting Analysis). Not listed in CISA KEV catalog.

Official resources