Skip to main content

Linux Kernel EUVDEUVD-2026-32231

| CVE-2026-45947 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-w3wg-mhjg-f88w
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only amdgpu driver flaw requiring low privileges and AMD GPU hardware; purely availability impact with zero data exposure or integrity effects.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 04:44 vuln.today
CVSS changed
Jun 16, 2026 - 02:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()

In amdgpu_acpi_enumerate_xcc(), if amdgpu_acpi_dev_init() returns -ENOMEM, the function returns directly without releasing the allocated xcc_info, resulting in a memory leak.

Fix this by ensuring that xcc_info is properly freed in the error paths.

Compile tested only. Issue found using a prototype static analysis tool and code review.

AnalysisAI

Memory exhaustion in the Linux kernel's drm/amdgpu driver allows a local low-privileged user on AMD GPU-equipped systems to degrade host availability by repeatedly triggering an error path in amdgpu_acpi_enumerate_xcc() that leaks kernel heap memory. The root cause is a missing free of the xcc_info structure when amdgpu_acpi_dev_init() returns -ENOMEM, identified through static analysis and code review rather than active exploitation. With EPSS at 0.02% (5th percentile) and no CISA KEV listing, this is a low-priority maintenance fix for most environments, most relevant to long-running AMD GPU compute workloads where repeated enumeration failures could accumulate leaked memory.

Technical ContextAI

The flaw exists in the Linux kernel's Direct Rendering Manager (DRM) AMD GPU (amdgpu) subsystem, specifically within amdgpu_acpi_enumerate_xcc(), the function responsible for enumerating Accelerated Compute Cores (XCC) via ACPI. CWE-401 (Missing Release of Memory after Effective Lifetime) describes the root cause precisely: kernel heap memory allocated for an xcc_info structure is not released when the subsequent call to amdgpu_acpi_dev_init() returns -ENOMEM, creating a silent memory leak on every such error path traversal. CPE data (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*) confirms the affected scope spans multiple Linux kernel stable branches beginning at commit 4d5275ab0b18d17697392aafd93e206e6b9de647. The issue was surfaced by a prototype static analysis tool combined with manual code review, not by runtime exploitation or fuzzing.

RemediationAI

Vendor-released patches are available across all major affected stable branches. Upgrade to Linux 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0 as appropriate for your kernel track. The upstream fix commits are available at https://git.kernel.org/stable/c/18a7bbd11f17a7cd4c42fd5955d3675d68c692df (6.18.x branch), https://git.kernel.org/stable/c/7e4b612fe7a960d610c20260c9ee220bddd1b215, https://git.kernel.org/stable/c/c9be63d565789b56ca7b0197e2cb78a3671f95a8, https://git.kernel.org/stable/c/d1370ef2ecf7d4df25e3e1e430cd191b1e7f8596, and https://git.kernel.org/stable/c/e87c73a80a12d337cf5f493c0956f6c2c9eafd80. For systems where immediate patching is not feasible, a targeted compensating control is to blacklist the amdgpu kernel module via /etc/modprobe.d/blacklist-amdgpu.conf - this eliminates the vulnerable code path entirely but disables all AMD GPU functionality, making it acceptable only on headless servers confirmed not to use GPU compute or display. Restricting local user access to /dev/dri and /dev/kfd device nodes via udev rules reduces the set of users who can trigger the vulnerable enumeration path, though this is a weak mitigation since root-level processes are unaffected.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-32231 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy