
CVE-2026-23163

Published: February 14, 2026 · Updated: Feb 18, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove

On APUs such as Raven and Renoir (GC 9.1.0, 9.2.2, 9.3.0), the ih1 and ih2 interrupt ring buffers are not initialized. This is by design, as these secondary IH rings are only available on discrete GPUs. See vega10_ih_sw_init() which explicitly skips ih1/ih2 initialization when AMD_IS_APU is set.

However, amdgpu_gmc_filter_faults_remove() unconditionally uses ih1 to get the timestamp of the last interrupt entry. When retry faults are enabled on APUs (noretry=0), this function is called from the SVM page fault recovery path, resulting in a NULL pointer dereference when amdgpu_ih_decode_iv_ts_helper() attempts to access ih->ring[].

The crash manifests as:

BUG: kernel NULL pointer dereference, address: 0000000000000004
RIP: 0010:amdgpu_ih_decode_iv_ts_helper+0x22/0x40 [amdgpu]
Call Trace:
 amdgpu_gmc_filter_faults_remove+0x60/0x130 [amdgpu]
 svm_range_restore_pages+0xae5/0x11c0 [amdgpu]
 amdgpu_vm_handle_fault+0xc8/0x340 [amdgpu]
 gmc_v9_0_process_interrupt+0x191/0x220 [amdgpu]
 amdgpu_irq_dispatch+0xed/0x2c0 [amdgpu]
 amdgpu_ih_process+0x84/0x100 [amdgpu]

This issue was exposed by commit 1446226d32a4 ("drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1") which changed the default for Renoir APU from noretry=1 to noretry=0, enabling retry fault handling and thus exercising the buggy code path.

Fix this by adding a check for ih1.ring_size before attempting to use it. Also restore the soft_ih support from commit dd299441654f ("drm/amdgpu: Rework retry fault removal"). This is needed if the hardware doesn't support secondary HW IH rings.

v2: additional updates (Alex)

(cherry picked from commit 6ce8d536c80aa1f059e82184f0d1994436b1d526)

Source: NVD
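
The guard the description above calls for (check ih1.ring_size before using ih1, otherwise use the soft ring), as an added user-space C model. It is not the kernel patch or amdgpu code; the struct layout, entry size, timestamp encoding and function names are assumptions made for illustration.

```c
/* User-space model only: types and names are hypothetical, not amdgpu code. */
#include <stdbool.h>
#include <stdint.h>

struct ih_ring {
    uint32_t *ring;       /* NULL if the ring was never initialized */
    unsigned ring_size;   /* bytes, power of two; 0 if never initialized */
    unsigned wptr;        /* byte offset where the next entry will land */
};

struct dev_model {
    struct ih_ring ih1;      /* secondary HW ring: left zeroed on APUs */
    struct ih_ring ih_soft;  /* software ring */
};

#define ENTRY_BYTES 32u  /* constructed entry size for this model */

/* Constructed layout: timestamp in dword 1 plus low 16 bits of dword 2. */
static uint64_t decode_ts(const struct ih_ring *ih, unsigned rptr)
{
    unsigned i = rptr / 4;
    return ((uint64_t)(ih->ring[i + 2] & 0xffff) << 32) | ih->ring[i + 1];
}

/* The guard: use ih1 only if it was set up, else fall back to the soft ring. */
static const struct ih_ring *ts_ring(const struct dev_model *dev)
{
    return dev->ih1.ring_size ? &dev->ih1 : &dev->ih_soft;
}

/* Stores the newest entry's timestamp; false if no usable ring exists. */
bool last_entry_ts(const struct dev_model *dev, uint64_t *ts)
{
    const struct ih_ring *ih = ts_ring(dev);
    if (!ih->ring || ih->ring_size < ENTRY_BYTES)
        return false;
    /* Step back one entry from wptr, wrapping at the ring boundary. */
    *ts = decode_ts(ih, (ih->wptr - ENTRY_BYTES) & (ih->ring_size - 1));
    return true;
}

int main(void)
{
    uint32_t soft[16] = { [1] = 0x11223344u, [2] = 0xabcd0005u }; /* constructed */
    struct dev_model apu = { .ih_soft = { soft, sizeof(soft), ENTRY_BYTES } };
    uint64_t ts = 0;
    return (last_entry_ts(&apu, &ts) && ts == 0x511223344ULL) ? 0 : 1;
}
```

Without the ring_size test in ts_ring(), the APU case would pass a zeroed ih1 to decode_ts() and read through a NULL ring pointer, which is the failure the crash trace records.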

Technical Analysis

CVE-2026-23163 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description): Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-23163
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Feb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23163 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.