CVE-2026-45947
Analyzed Analyzed - Analysis Complete
Memory Leak in AMDGPU Linux Kernel Driver

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() In amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM, the function returns directly without releasing the allocated xcc_info, resulting in a memory leak. Fix this by ensuring that xcc_info is properly freed in the error paths. Compile tested only. Issue found using a prototype static analysis tool and code review.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45947
EUVD
EUVD-2026-32231
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.5 (inc) to 6.6.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability is a memory leak in the Linux kernel's amdgpu driver related to the function amdgpu_acpi_enumerate_xcc(). It is not directly detectable via network monitoring or simple system commands because it involves internal kernel memory management.

Detection would typically require code analysis or monitoring for unusual memory usage patterns related to the amdgpu driver, but no specific commands or network-based detection methods are provided.

Executive Summary

This vulnerability is a memory leak in the Linux kernel's amdgpu driver, specifically in the function amdgpu_acpi_enumerate_xcc().

If the function amdgpu_acpi_dev_init() returns an error code indicating insufficient memory (-ENOMEM), the function returns immediately without freeing the previously allocated xcc_info structure.

This causes a memory leak because allocated memory is not properly released in the error path.

The fix ensures that xcc_info is properly freed when errors occur to prevent this leak.

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel when using the amdgpu driver.

Over time, repeated triggering of this issue could cause increased memory consumption, potentially degrading system performance or causing instability.

However, the issue occurs only in a specific error condition related to memory allocation failure in amdgpu_acpi_dev_init().

Mitigation Strategies

The vulnerability has been fixed by ensuring proper freeing of allocated memory in the error paths of the amdgpu_acpi_enumerate_xcc() function.

Immediate mitigation steps include updating the Linux kernel to a version that includes this fix.

Since this is a memory leak in kernel code, avoiding use of vulnerable kernel versions or applying vendor patches is the recommended approach.

Compliance Impact

The vulnerability described is a memory leak in the Linux kernel's amdgpu driver. There is no information provided about any impact on data confidentiality, integrity, or availability that would relate to compliance with standards such as GDPR or HIPAA.

Since the issue is a memory leak without further details on data exposure or unauthorized access, it does not directly indicate an effect on compliance with common regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45947. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart