{"id":"CVE-2026-23288","summary":"accel/amdxdna: Fix out-of-bounds memset in command slot handling","details":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix out-of-bounds memset in command slot handling\n\nThe remaining space in a command slot may be smaller than the size of\nthe command header. Clearing the command header with memset() before\nverifying the available slot space can result in an out-of-bounds write\nand memory corruption.\n\nFix this by moving the memset() call after the size validation.","modified":"2026-04-02T13:12:20.026012Z","published":"2026-03-25T10:26:47.458Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23288.json","cna_assigner":"Linux"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1110a949675ebd56b3f0286e664ea543f745801c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cca770d710d5e03bc814af585cd6975eb6d74074"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23288.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23288"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"13ae1a6000f7d8b09478e3128e87d45e89c7282f"},{"fixed":"cca770d710d5e03bc814af585cd6975eb6d74074"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3d32eb7a5ecff92d83a5fd34c45c171c17d3d5d0"},{"fixed":"1110a949675ebd56b3f0286e664ea543f745801c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23288.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23288.json"}}],"schema_version":"1.7.5"}