CVE-2026-45853 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges()

amdgpu_discovery_get_nps_info() internally allocates memory for ranges
using kvcalloc(), which may use vmalloc() for large allocation. Using
kfree() to release vmalloc memory will lead to a memory corruption.

Use kvfree() to safely handle both kmalloc and vmalloc allocations.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the Linux kernel’s AMD GPU driver causes allocated memory to be freed with the wrong routine. The driver uses kvcalloc() to obtain buffer space, a function that can return memory from vmalloc for large allocations. When the improper kfree() routine is used to release that buffer, vmalloc memory is corrupted, which can result in system instability or the execution of arbitrary code in kernel mode. This type of vulnerability is commonly classified as a memory corruption issue, related to the wrong deallocation of kernel space memory.

Affected Systems

The vulnerability affects Linux kernel versions that include the amdgpu driver. All distributions that ship a kernel with the AMDGPU module compiled in are potentially impacted, regardless of vendor, because the flaw lies in the generic amdgpu code. No specific patch releases are named in the data, so any kernel build that incorporates the vendor’s amdgpu fix is considered mitigated.

Risk and Exploitability

The official CVE record does not provide a CVSS, EPSS or KEV score, so the exact risk is inferred from the nature of the defect. The impact is moderate‑high because local memory corruption can lead to DoS or privilege escalation. The likely attack vector requires an attacker with the ability to cause the amdgpu module to allocate and later free memory, which typically means the attacker needs user‑space processes that interact with the GPU, root privileges, or the ability to load a malicious kernel module. No public exploits are listed in CISA KEV, but kernel‑level memory corruption poses a significant threat when exploitable.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`b194d21b9bcc15b50df1bc3ff7428e51c2918a6f`	affected	< 16e7e7ad8cdc6b4c4af7f31e262f1494c1b2a55e
`b194d21b9bcc15b50df1bc3ff7428e51c2918a6f`	affected	< 9ae85b0c1909b6c6bfd2636b04cdaf7f520bf2b5
`b194d21b9bcc15b50df1bc3ff7428e51c2918a6f`	affected	< f441538893eba6347b983f2904819ca6c99da65e
`b194d21b9bcc15b50df1bc3ff7428e51c2918a6f`	affected	< 0c44d61945c4a80775292d96460aa2f22e62f86c

Linux

affected

Version	Status	Constraints
`6.11`	affected	—
`0`	unaffected	< 6.11
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install a Linux kernel version that contains the corrected amdgpu driver, ensuring kfree() is replaced with kvfree() in amdgpu_gmc_get_nps_memranges()
Reboot the system after the kernel update so that the new module is loaded and the fix takes effect
If a kernel update cannot be applied immediately, block the amdgpu module by adding "amdgpu" to a blacklist file (e.g., /etc/modprobe.d/blacklist.conf) to prevent the vulnerable driver from being loaded

Generated by OpenCVE AI on May 27, 2026 at 15:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0c44d61945c4a80775292d96460aa2f22e62f86c
https://git.kernel.org/stable/c/16e7e7ad8cdc6b4c4af7f31e262f1494c1b2a55e
https://git.kernel.org/stable/c/9ae85b0c1909b6c6bfd2636b04cdaf7f520bf2b5
https://git.kernel.org/stable/c/f441538893eba6347b983f2904819ca6c99da65e

History

Wed, 27 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() amdgpu_discovery_get_nps_info() internally allocates memory for ranges using kvcalloc(), which may use vmalloc() for large allocation. Using kfree() to release vmalloc memory will lead to a memory corruption. Use kvfree() to safely handle both kmalloc and vmalloc allocations. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title		drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0c44d61945c4a80775292d96460aa2f22e62f86c https://git.kernel.org/stable/c/16e7e7ad8cdc6b4c4af7f31e262f1494c1b2a55e https://git.kernel.org/stable/c/9ae85b0c1909b6c6bfd2636b04cdaf7f520bf2b5 https://git.kernel.org/stable/c/f441538893eba6347b983f2904819ca6c99da65e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:27.453Z

Updated: 2026-05-27T12:15:27.453Z

Reserved: 2026-05-13T15:03:33.079Z

Link: CVE-2026-45853

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:57.330

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45853

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T15:45:37Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object