Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix memory leak in amdgpu_ras_init()

When amdgpu_nbio_ras_sw_init() fails in amdgpu_ras_init(), the function
returns directly without freeing the allocated con structure, leading
to a memory leak.

Fix this by jumping to the release_con label to properly clean up the
allocated memory before returning the error code.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The AMDGPU driver for the Linux kernel contains a flaw where a failure in amdgpu_nbio_ras_sw_init() causes amdgpu_ras_init() to return without freeing an allocated ‘con’ structure. This oversight results in a memory leak each time the error path is taken, gradually depleting kernel memory and potentially degrading or halting system performance. The weakness is a classic memory/resource leak (CWE-401) and improper resource release (CWE-772).

Affected Systems

Any Linux kernel that includes the AMDGPU driver with RAS support compiled before the patch is affected. This includes all distributions that ship an unpatched kernel with CONFIG_AMDGPU_RAS enabled, regardless of the specific release version.

Risk and Exploitability

The CVSS score of 5.5 and an EPSS score of less than 1% indicate a moderate severity and a very low probability of exploitation. No known active exploitation incidents exist and the vulnerability is not listed in CISA’s KEV catalog. Exploitation would require a local or privileged user to repeatedly trigger the failure path, making the overall risk low to moderate and resulting primarily in gradual resource exhaustion rather than immediate denial of service.

Generated by OpenCVE AI on June 17, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that contains the amdgpu_ras_init fix
  • If a kernel upgrade cannot be performed immediately, rebuild or reconfigure the kernel with AMDGPU RAS disabled (for example by disabling CONFIG_AMDGPU_RAS) to eliminate the leak path
  • Set up monitoring of kernel logs for repeated amdgpu_nbio_ras_sw_init failures and configure automated alerts or a recoverable reboot if abnormal kernel memory consumption is detected

Generated by OpenCVE AI on June 17, 2026 at 23:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8492-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8492-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8497-1 Linux kernel (Low Latency) vulnerabilities
Ubuntu USN Ubuntu USN USN-8498-1 Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN Ubuntu USN USN-8499-1 Linux kernel (Xilinx) vulnerabilities
Ubuntu USN Ubuntu USN USN-8492-3 Linux kernel (Raspberry Pi Real-time) vulnerabilities
History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 28 May 2026 00:15:00 +0000


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu_ras_init() When amdgpu_nbio_ras_sw_init() fails in amdgpu_ras_init(), the function returns directly without freeing the allocated con structure, leading to a memory leak. Fix this by jumping to the release_con label to properly clean up the allocated memory before returning the error code. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title drm/amdgpu: Fix memory leak in amdgpu_ras_init()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:34.772Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45976

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:14.700

Modified: 2026-06-17T10:52:49.947

Link: CVE-2026-45976

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45976 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T00:00:05Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime