Skip to main content

Linux Kernel EUVDEUVD-2026-32263

| CVE-2026-45979 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-83qm-f4cg-87hh
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local GPU device access at low privilege is required; AC:L because memory exhaustion can be deliberately induced; impact is strictly GPU availability with no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 02:58 vuln.today
CVSS changed
Jun 16, 2026 - 02:52 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: clean up the amdgpu_cs_parser_bos

In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit.

We do not need to amdgpu_bo_list_put as it's been handled in the amdgpu_cs_parser_fini.

AnalysisAI

Improper mutex cleanup in the Linux kernel's amdgpu DRM driver allows a local low-privileged user to cause a GPU subsystem denial-of-service on systems equipped with AMD GPU hardware. When kmalloc fails under low memory conditions inside amdgpu_cs_parser_bos, the error path previously returned without releasing the held mutex, leaving it permanently locked and stalling GPU command submission for all users. No public exploit exists and the vulnerability is not listed in CISA KEV; with an EPSS of 0.02% (5th percentile), real-world exploitation risk is low.

Technical ContextAI

The vulnerability resides in the Direct Rendering Manager (DRM) subsystem's amdgpu driver, specifically in the amdgpu_cs_parser_bos() function, which is responsible for parsing and pinning buffer objects during GPU command submission (ioctl path). When the kernel's general-purpose allocator (kmalloc) returns NULL under memory pressure, the original code returned an error code without first releasing an internal mutex, violating the invariant that all acquired locks must be freed on every exit path. This is a classic improper locking defect (analogous to CWE-667: Improper Locking), though no CWE is formally assigned to this CVE. Notably, the fix correctly omits a call to amdgpu_bo_list_put because that cleanup is already handled downstream by amdgpu_cs_parser_fini. The affected CPE is cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, scoped to the 6.19 stable series and pre-7.0 mainline, starting from commit 737da5363cc07c96d59f2ebaf9f9f87235becf1d.

RemediationAI

The primary fix is upgrading to Linux kernel 6.19.4 (for users on the 6.19 stable series) or applying the mainline patch targeting the 7.0 release. The upstream stable commits are available at https://git.kernel.org/stable/c/0905a1d4a5500ecf11f1c0079098e3a351d22163 (6.19 stable) and https://git.kernel.org/stable/c/f025a2b8d93358467b8e8f4b3a617e88c5f02fab (mainline), as referenced in the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-45979. Where patching is not immediately possible, restrict untrusted local user access to AMD GPU device nodes (e.g., /dev/dri/renderD* and /dev/dri/card*) via udev rules or cgroup device controller policies - note this will prevent affected users from running GPU workloads. Additionally, configuring memory overcommit controls (vm.overcommit_memory) to reduce the likelihood of kmalloc failures under pressure can reduce exposure, though this has system-wide memory management trade-offs.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-32263 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy