Login Sign Up

CVE-2026-23190

N/A Unknown
Denial of Service

📋 TL;DR

A memory leak vulnerability exists in the AMD ACP3x PDM DMA operations driver in the Linux kernel. This vulnerability allows attackers to cause denial of service through resource exhaustion by repeatedly triggering the vulnerable code path. Systems running affected Linux kernel versions with AMD ACP3x audio hardware are impacted.

💻 Affected Systems

Products:
  • Linux kernel with AMD ACP3x audio driver
Versions: Specific kernel versions containing the vulnerable code (exact range requires checking git commits)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD ACP3x audio hardware and the corresponding driver to be loaded/used.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

System becomes unresponsive or crashes due to memory exhaustion, potentially requiring physical reboot and causing service disruption.

🟠

Likely Case

Gradual performance degradation over time as memory is leaked, eventually leading to application failures or system instability.

🟢

If Mitigated

Minimal impact with proper monitoring and restart procedures in place; memory leaks would be detected before causing critical failures.

🌐 Internet-Facing: LOW - Requires local access or specific hardware interaction; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be triggered by local users or applications using affected audio hardware, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific PDM DMA operations path, likely through audio-related system calls or applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (0e0120214b5dcb0bf6b2171bb4e68e38968b2861 and related)

Vendor Advisory: https://git.kernel.org/stable/c/0e0120214b5dcb0bf6b2171bb4e68e38968b2861

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if compiling from source. 3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable AMD ACP3x audio driver

Linux

Prevent loading of the vulnerable driver module

echo 'blacklist snd_soc_acp3x_pdm_dma' >> /etc/modprobe.d/blacklist.conf
rmmod snd_soc_acp3x_pdm_dma

🧯 If You Can't Patch

  • Monitor system memory usage for unusual increases and restart services if leaks are detected.
  • Restrict access to audio-related system calls for untrusted users.

🔍 How to Verify

Check if Vulnerable:

Check if AMD ACP3x audio driver is loaded: lsmod | grep acp3x

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: git log --oneline | grep -E '0e0120214b5dcb0bf6b2171bb4e68e38968b2861|279cb9180510f7e13c3a4dfde8c16a8fbc7c5709'

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages in /var/log/kern.log
  • Increasing memory usage without corresponding process growth

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kern.log" AND "Out of memory" OR "kernel: Out of memory"

📊 Metadata

CVE ID: CVE-2026-23190
CVSS v3 Score: N/A (Unknown)
Published: February 14, 2026
Last Updated: February 18, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON