🟡 Medium | Source: Microsoft Security Response Center
CVE-2026-23213 is a vulnerability in the AMD GPU driver component (drm/amd/pm) affecting the SMU (System Management Unit) Mode 1 reset process, where MMIO (Memory-Mapped I/O) access is not properly disabled during the reset sequence. This flaw could allow unintended memory access during a critical hardware reset phase, potentially leading to information disclosure or system instability. The issue is relevant to Azure workloads running on hardware with AMD GPUs, such as GPU-accelerated virtual machines.
Security Architect’s Take: Identify any Azure VM SKUs in your environment that leverage AMD GPU hardware (e.g. NVv4-series) and ensure the latest kernel and driver patches are applied promptly; consider temporarily restricting GPU-accelerated workloads to Intel-based SKUs if patching cannot be expedited.
Original advisory: CVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 reset