Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: clean up the amdgpu_cs_parser_bos

In low memory conditions, kmalloc can fail. In such conditions
unlock the mutex for a clean exit.

We do not need to amdgpu_bo_list_put as it's been handled in the
amdgpu_cs_parser_fini.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the AMDGPU command submission parser within the Linux kernel. It involves a resource management flaw (CWE-772) and a concurrency issue (CWE-823). During low‑memory situations, a kmalloc failure can occur, causing the parser to exit without unlocking its mutex, which can lead to a deadlock or kernel hang. The supplied patch removes an unnecessary reference to the buffer‑object list and ensures the mutex is released on allocation failure, preventing the deadlock scenario.

Affected Systems

Systems that run a Linux kernel with the AMDGPU driver and contain the legacy amdgpu_cs_parser_bos code path are affected. The CVE does not specify a particular kernel version, so any kernel that implements the old path could be impacted until the patch is applied.

Risk and Exploitability

No CVSS or EPSS score is reported, and the vulnerability is not listed in CISA KEV. Exploitation requires a low‑memory condition and affects only internal kernel structures, making the practical risk low to moderate. The primary concern is system stability rather than direct security compromise.

Generated by OpenCVE AI on May 28, 2026 at 01:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch from the following git references: https://git.kernel.org/stable/c/0905a1d4a5500ecf11f1c0079098e3a351d22163 and https://git.kernel.org/stable/c/f025a2b8d93358467b8e8f4b3a617e88c5f02fab
  • Upgrade to a later Linux kernel release that contains the fixed kernel source
  • Disable the AMDGPU driver if an upgrade or patch cannot be applied immediately, to prevent potential deadlock

Generated by OpenCVE AI on May 28, 2026 at 01:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Wed, 27 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-823

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpu_cs_parser_bos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpu_bo_list_put as it's been handled in the amdgpu_cs_parser_fini.
Title drm/amdgpu: clean up the amdgpu_cs_parser_bos
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:37.936Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45979

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:15.023

Modified: 2026-06-16T02:40:10.533

Link: CVE-2026-45979

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45979 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T01:45:03Z

Weaknesses