CVE-2026-53121
Awaiting Analysis Awaiting Analysis - Queue

Memory Leak in Linux Kernel amd-pstate Driver

Vulnerability report for CVE-2026-53121, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: amd-pstate: Fix memory leak in amd_pstate_epp_cpu_init() On failure to set the epp, the function amd_pstate_epp_cpu_init() returns with an error code without freeing the cpudata object that was allocated at the beginning of the function. Ensure that the cpudata object is freed before returning from the function. This memory leak was discovered by Claude Opus 4.6 with the aid of Chris Mason's AI review-prompts (https://github.com/masoncl/review-prompts/tree/main/kernel).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

The impact of this vulnerability is a memory leak in the Linux kernel. Over time, repeated failures in setting the epp could cause the system to consume more memory than necessary, potentially leading to reduced system performance or stability issues due to exhausted memory resources.

Mitigation Strategies

The vulnerability is a memory leak in the amd_pstate_epp_cpu_init() function of the Linux kernel related to amd-pstate. To mitigate this vulnerability, you should update your Linux kernel to a version where this issue has been fixed.

Since the issue occurs when the function fails to set the epp and does not free allocated memory, applying the patch or upgrading to the fixed kernel version will ensure the cpudata object is properly freed, preventing the memory leak.

Executive Summary

This vulnerability is a memory leak in the Linux kernel's amd-pstate driver, specifically in the function amd_pstate_epp_cpu_init(). When the function fails to set the energy performance preference (epp), it returns an error code but does not free the cpudata object that was allocated at the start of the function. This causes a memory leak because allocated memory is not properly released.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53121. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart