Bug 2439853 (CVE-2026-23116)

Summary: CVE-2026-23116 kernel: Kernel: Local denial of service via incorrect VPU power management on i.MX8MQ
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel. On i.MX8MQ platforms, the Video Processing Unit (VPU) power management incorrectly attempts to reset or ungate VPU instances independently. This invalid hardware sequence can be triggered by a local user through driver operations, runtime power management, or multimedia usage. Successful exploitation leads to a full system hang, resulting in a local Denial of Service (DoS).
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-02-14 16:01:52 UTC 
In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu

For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset
and clock enable bits, but is ungated and reset together with the VPUs.
So we can't reset G1 or G2 separately, it may led to the system hang.
Remove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data.
Let imx8mq_vpu_power_notifier() do really vpu reset.
Comment 1 Alexander B 2026-02-16 09:49:04 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026021406-CVE-2026-23116-41e5@gregkh/T