Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()

In amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM,
the function returns directly without releasing the allocated xcc_info,
resulting in a memory leak.

Fix this by ensuring that xcc_info is properly freed in the error paths.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Published: 2026-05-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is present in the Linux kernel's amdgpu driver. In the function amdgpu_acpi_enumerate_xcc, an allocated structure named xcc_info is not freed when amdgpu_acpi_dev_init returns -ENOMEM, creating a memory leak. Over time, repeated execution of this error path could exhaust kernel memory, destabilizing the system or triggering a reboot. The weakness corresponds to a classic memory‑leak flaw.

Affected Systems

All Linux kernels that include the amdgpu driver prior to the application of the patch are affected. No specific kernel version range is listed, so any installation running the default amdgpu module before the fix is vulnerable.

Risk and Exploitability

The EPSS score is reported as less than 1%, indicating a very low probability of exploitation, and no CVSS value is provided, making quantitative risk unknown. Based on the description, it is inferred that the attack vector requires local privileged interaction with kernel ACPI enumeration routines; a non‑privileged user would not be able to trigger the leak alone. An attacker with such access could repeatedly invoke the problematic code path to deplete kernel memory, potentially causing a denial‑of‑service. The vulnerability is not listed in the CISA KEV catalog, indicating no known in‑the‑wild exploitation at the time of the advisory.

Generated by OpenCVE AI on May 28, 2026 at 16:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that incorporates the amdgpu fix that frees xcc_info on error.
  • Reboot the affected systems after the kernel update to load the updated amdgpu module.
  • Enable monitoring of kernel memory usage to detect any persistent leaks after applying the fix.

Generated by OpenCVE AI on May 28, 2026 at 16:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Wed, 27 May 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() In amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM, the function returns directly without releasing the allocated xcc_info, resulting in a memory leak. Fix this by ensuring that xcc_info is properly freed in the error paths. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:04.117Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45947

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:11.040

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45947

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45947 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T16:45:20Z

Weaknesses