Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()

In amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM,
the function returns directly without releasing the allocated xcc_info,
resulting in a memory leak.

Fix this by ensuring that xcc_info is properly freed in the error paths.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is present in the Linux kernel's amdgpu driver. In the function amdgpu_acpi_enumerate_xcc, an allocated structure named xcc_info is not freed when amdgpu_acpi_dev_init returns -ENOMEM, creating a memory leak. Over time, repeated execution of this error path could exhaust kernel memory, destabilizing the system or triggering a reboot. The weakness corresponds to a classic memory‑leak flaw.

Affected Systems

All Linux kernels that include the amdgpu driver prior to the application of the patch are affected. No specific kernel version range is listed, so any installation running the default amdgpu module before the fix is vulnerable.

Risk and Exploitability

The EPSS score is reported as less than 1%, indicating a very low probability of exploitation, and a CVSS score of 5.5 is assigned, classifying the vulnerability as Medium severity. Based on the description, it is inferred that the attack vector requires local privileged interaction with kernel ACPI enumeration routines; a non‑privileged user would not be able to trigger the leak alone. An attacker with such access could repeatedly invoke the problematic code path to deplete kernel memory, potentially causing a denial‑of‑service. The vulnerability is not listed in the CISA KEV catalog, indicating no known in‑the‑wild exploitation at the time of the advisory.

Generated by OpenCVE AI on June 16, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that incorporates the amdgpu fix that frees xcc_info on error.
  • Reboot the affected systems after the kernel update to load the updated amdgpu module.
  • Enable monitoring of kernel memory usage to detect any persistent leaks after applying the fix.

Generated by OpenCVE AI on June 16, 2026 at 21:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 28 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Wed, 27 May 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() In amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM, the function returns directly without releasing the allocated xcc_info, resulting in a memory leak. Fix this by ensuring that xcc_info is properly freed in the error paths. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:04.117Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45947

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:11.040

Modified: 2026-06-16T02:36:01.173

Link: CVE-2026-45947

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45947 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T21:30:16Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime