CVE-2026-23338: Improper Validation of Specified Quantity in Input in Linux

Severity: 5.3 MEDIUM (no vector)
EPSS: 0.0% (top 94.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings

Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two calls to the userq wait ioctl. In both cases we do not want to emit the kernel warning backtrace since nothing is wrong with the kernel and userspace will simply get an errno reported back.

So let's simply drop the WARN_ONs.

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.16.0 | 6.18.17 | +1
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | a292fdecd72834b3bec380baa5db1e69e7f70679 | 1753f5f81ab60a553287f9ee659a6ac363adf8d7 | +3

🔴 Vulnerability Details (4)

OSV: drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings (2026-03-25)
CVEList: drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings (2026-03-25)
OSV: CVE-2026-23338: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings Users (2026-03-25)
GHSA: GHSA-ggpq-p67g-h639: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings Use (2026-03-25)

📋 Vendor Advisories (2)

Red Hat: kernel: drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings (2026-03-25)
Debian: CVE-2026-23338: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23338 Impact, Exploitability, and Mitigation Steps | Wiz