CVE-2026-45853 Linux CVE debrief

Who should care

Linux system administrators running kernels with AMDGPU drivers, particularly on systems with NPS memory configurations; security teams tracking kernel-level memory safety issues; organizations using AMD GPUs in Linux environments for compute or graphics workloads

Technical summary

The vulnerability exists in `amdgpu_gmc_get_nps_memranges()` within the AMDGPU DRM driver. The function `amdgpu_discovery_get_nps_info()` allocates memory for NPS (Non-Uniform Memory Access Per-Socket) memory ranges using `kvcalloc()`, which internally may use `vmalloc()` for large allocations. The original code used `kfree()` to release this memory, which is incorrect when `vmalloc()` was used—`kfree()` must only be used with `kmalloc()` allocations, while `vmalloc()` allocations require `vfree()` or the generic `kvfree()`. Using `kfree()` on `vmalloc()` memory causes memory corruption. The fix replaces `kfree()` with `kvfree()`, which safely handles both allocation types.

Defensive priority

medium

Recommended defensive actions

• Review kernel configurations to identify systems using AMDGPU drivers with NPS (Non-Uniform Memory Access Per-Socket) memory configurations
• Apply kernel updates containing the fix commits when available from your Linux distribution
• Monitor stable kernel release announcements for backported fixes to currently deployed kernel versions
• Consider enabling kernel memory debugging options (CONFIG_DEBUG_VM, CONFIG_DEBUG_SLAB) in test environments to detect similar allocation/free mismatches
• Audit custom kernel modules or out-of-tree drivers for similar patterns of kvcalloc/kvfree mismatches

Evidence notes

The vulnerability description indicates the issue was found using a prototype static analysis tool and code review, with compile testing only. No runtime exploitation testing or proof-of-concept is mentioned. The fix has been applied to multiple stable kernel branches as evidenced by four separate git.kernel.org commits.

Official resources