DEBIAN-CVE-2026-23116

DEBIAN-CVE-2026-23116 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't reset G1 or G2 separately, it may led to the system hang. Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data. Let imx8mq_vpu_power_notifier() do really vpu reset.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	linux	6.1.106-2, 6.1.106-3, 6.1.112-1
Debian:13	linux	0, 6.12.38-1, 6.12.41-1
Debian:14	linux	6.16.11-1, 6.16.12-1, 6.16.12-1

Exploit Intelligence

4081.3.7.yml (github-poc)

Timeline

Feb 14, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-23116 advisory

Open in Interactive Console →