CVE-2026-23163
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's AMD GPU driver allows local attackers to cause a kernel panic and system crash on affected APU systems. This affects Linux systems with AMD Raven or Renoir APUs (GC 9.1.0, 9.2.2, 9.3.0) when retry fault handling is enabled. The vulnerability was exposed by a configuration change that enabled retry fault handling by default on Renoir APUs.
💻 Affected Systems
- Linux kernel with AMD GPU driver (amdgpu)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially causing data loss or corruption if the system is performing critical operations.
Likely Case
System crash when the vulnerable code path is triggered during GPU operations, resulting in denial of service requiring system reboot.
If Mitigated
No impact if the system is patched or if retry fault handling is disabled via noretry=1 parameter.
🎯 Exploit Status
Requires local access and ability to trigger GPU operations that exercise the SVM page fault recovery path. The vulnerability is triggered during normal GPU operation when retry faults are enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commit 6ce8d536c80aa1f059e82184f0d1994436b1d526 or later
Vendor Advisory: https://git.kernel.org/stable/c/7611d7faccc1218be477671f892a89b25c0cb352
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commit 6ce8d536c80aa1f059e82184f0d1994436b1d526
2. Rebuild kernel modules if using DKMS
3. No system reboot required for kernel module reload, but GPU driver will need to be reloaded
🔧 Temporary Workarounds
Disable retry fault handling
allSet noretry=1 kernel parameter to disable retry fault handling, which prevents the vulnerable code path from being executed.
Add 'amdgpu.noretry=1' to kernel boot parameters in GRUB configuration
🧯 If You Can't Patch
- Apply the workaround to disable retry fault handling via kernel parameter
- Restrict local user access to systems with vulnerable configurations
🔍 How to Verify
Check if Vulnerable:
Check if system has AMD Raven or Renoir APU and if retry fault handling is enabled. Run: 'lspci | grep -i amd' and check kernel boot parameters for 'amdgpu.noretry=0' or absence of 'amdgpu.noretry=1'Check Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commit: 'uname -r' and verify with distribution's patch notes. Also verify the amdgpu module is loaded from patched kernel.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'amdgpu_ih_decode_iv_ts_helper' or 'NULL pointer dereference' in amdgpu module
- System crash/reboot logs following GPU-intensive operations
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
kernel:panic AND (amdgpu OR "NULL pointer dereference")