Impact
The AMDGPU driver for the Linux kernel contains a flaw where a failure in amdgpu_nbio_ras_sw_init() causes amdgpu_ras_init() to return without freeing an allocated ‘con’ structure. This oversight results in a memory leak each time the error path is taken, gradually depleting kernel memory and potentially degrading or halting system performance. The weakness is a classic memory/resource leak (CWE-401) and improper resource release (CWE-772).
Affected Systems
Any Linux kernel that includes the AMDGPU driver with RAS support compiled before the patch is affected. This includes all distributions that ship an unpatched kernel with CONFIG_AMDGPU_RAS enabled, regardless of the specific release version.
Risk and Exploitability
The CVSS score of 5.5 and an EPSS score of less than 1% indicate a moderate severity and a very low probability of exploitation. No known active exploitation incidents exist and the vulnerability is not listed in CISA’s KEV catalog. Exploitation would require a local or privileged user to repeatedly trigger the failure path, making the overall risk low to moderate and resulting primarily in gradual resource exhaustion rather than immediate denial of service.
OpenCVE Enrichment
Ubuntu USN