CVE-2026-23338 — Vulnetix

CVE-2026-23338 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small num_fences, or the required number can legitimately grow between the two calls to the userq wait ioctl. In both cases we do not want the emit the kernel warning backtrace since nothing is wrong with the kernel and userspace will simply get an errno reported back. So lets simply drop the WARN_ONs. (cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c)

EPSS 0.02% · 4.6th percentile

Risk Scores

EPSS Score

0.02%

4.6th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.16, 6.16, 6.16
Linux	Linux	a292fdecd72834b3bec380baa5db1e69e7f70679, a292fdecd72834b3bec380baa5db1e69e7f70679, 6.16

Exploit Intelligence

CIRCL seen: CVE-2026-23338 (circl-sighting)
https://git.kernel.org/stable/c/1753f5f81ab60a553287f9ee659a6ac363adf8d7 (circl)
https://git.kernel.org/stable/c/7321302edca3a349ddaea689df95b986beee6c4a (circl)
https://git.kernel.org/stable/c/7b7d7693a55d606d700beb9549c9f7f0e5d9c24f (circl)

Timeline

Mar 25, 2026 EPSS Score
Mar 25, 2026 Coalition ESS Score
Mar 25, 2026 CVE Published
Mar 29, 2026 Security Advisory
Mar 30, 2026 PoC Published
Apr 23, 2026 CVE Updated
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score

References

Open in Interactive Console →