CVE-2026-45976 - Vulnerability Details

- drm/amdgpu: Fix memory leak in amdgpu_ras_init()

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix memory leak in amdgpu_ras_init()

When amdgpu_nbio_ras_sw_init() fails in amdgpu_ras_init(), the function
returns directly without freeing the allocated con structure, leading
to a memory leak.

Fix this by jumping to the release_con label to properly clean up the
allocated memory before returning the error code.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Published: 2026-05-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw lies in the Linux kernel’s AMDGPU driver, where a failure in the amdgpu_nbio_ras_sw_init() function causes the amdgpu_ras_init() routine to return without freeing an allocated ‘con’ structure. This oversight leads to a memory leak each time the failure path is exercised, ultimately consuming kernel memory and potentially degrading or halting system performance. The weakness is a classic resource leak (CWE-772) that can only be triggered during RAS initialization and is not exploitable remotely without additional preconditions.

Affected Systems

Any Linux kernel containing the AMDGPU driver and compiled with RAS support before the patch are affected. No specific kernel releases are enumerated, so any deployment of a kernel version older than the one that includes the amdgpu_ras_init fix may be vulnerable.

Risk and Exploitability

The CVSS score is not supplied and the EPSS score is unavailable, indicating no actively exploited incidents are known. The attack surface is inferred to be limited to users or processes that can repeatedly trigger driver initializations—typically a local or privileged attacker. Because exploitation requires repeated failures, the overall risk is low to moderate, with the primary consequence being a gradual exhaustion of kernel memory leading to resource denial.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf`	affected	< f8a5426652bdadd4a5cb48326d48abbdfebe8153
`fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf`	affected	< c11cd77a18115d2cd3f4b6915c4a537b6042f950
`fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf`	affected	< 2fef8c2ac67e7c1b0409d23653300b134c63e54c
`fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf`	affected	< 3f43e7812b30d6b2e850218f9bb1dae60727fcef
`fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf`	affected	< ee41e5b63c8210525c936ee637a2c8d185ce873c

Linux

affected

Version	Status	Constraints
`6.4`	affected	—
`0`	unaffected	< 6.4
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf,f8a5426652bdadd4a5cb48326d48abbdfebe8153)`	affected	code_commit	—
`[fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf,c11cd77a18115d2cd3f4b6915c4a537b6042f950)`	affected	code_commit	—
`[fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf,2fef8c2ac67e7c1b0409d23653300b134c63e54c)`	affected	code_commit	—
`[fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf,3f43e7812b30d6b2e850218f9bb1dae60727fcef)`	affected	code_commit	—
`[fdc94d3a8c887e4e06a7ff8dcb51d55cd70e16cf,ee41e5b63c8210525c936ee637a2c8d185ce873c)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.4`	affected	semver	—
`[0,6.4)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel update that contains the amdgpu_ras_init fix
If a kernel upgrade cannot be performed immediately, rebuild or reconfigure the kernel with AMDGPU RAS disabled (for example, via the CONFIG_AMDGPU_RAS or related configuration options) to eliminate the leak path
Set up monitoring of kernel logs for repeated amdgpu_nbio_ras_sw_init failures and configure automated alerts or a recoverable reboot if abnormal memory consumption is detected

Generated by OpenCVE AI on May 28, 2026 at 01:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00122.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2fef8c2ac67e7c1b0409d23653300b134c63e54c
https://git.kernel.org/stable/c/3f43e7812b30d6b2e850218f9bb1dae60727fcef
https://git.kernel.org/stable/c/c11cd77a18115d2cd3f4b6915c4a537b6042f950
https://git.kernel.org/stable/c/ee41e5b63c8210525c936ee637a2c8d185ce873c
https://git.kernel.org/stable/c/f8a5426652bdadd4a5cb48326d48abbdfebe8153
https://lore.kernel.org/linux-cve-announce/2026052737-CVE-2026-45976-efa6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45976
https://www.cve.org/CVERecord?id=CVE-2026-45976

History

Tue, 16 Jun 2026 06:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026052737-CVE-2026-45976-efa6@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45976 https://www.cve.org/CVERecord?id=CVE-2026-45976

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpu_ras_init() When amdgpu_nbio_ras_sw_init() fails in amdgpu_ras_init(), the function returns directly without freeing the allocated con structure, leading to a memory leak. Fix this by jumping to the release_con label to properly clean up the allocated memory before returning the error code. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title		drm/amdgpu: Fix memory leak in amdgpu_ras_init()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2fef8c2ac67e7c1b0409d23653300b134c63e54c https://git.kernel.org/stable/c/3f43e7812b30d6b2e850218f9bb1dae60727fcef https://git.kernel.org/stable/c/c11cd77a18115d2cd3f4b6915c4a537b6042f950 https://git.kernel.org/stable/c/ee41e5b63c8210525c936ee637a2c8d185ce873c https://git.kernel.org/stable/c/f8a5426652bdadd4a5cb48326d48abbdfebe8153

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:18:34.772Z

Updated: 2026-05-27T12:18:34.772Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45976

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:14.700

Modified: 2026-06-16T02:40:53.247

Link: CVE-2026-45976

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45976 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T01:45:03Z

Weaknesses

CWE-401
Missing Release of Memory after Effective Lifetime
CWE-772
Missing Release of Resource after Effective Lifetime

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object