PatchSiren

CVE-2026-45908 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's AMD XDNA accelerator driver. The `amdxdna_ubuf_map()` function in `accel/amdxdna` allocates memory for scatter-gather (sg) and internal sg table structures, but fails to free these allocations if subsequent operations—specifically `sg_alloc_table_from_pages()` or `dma_map_sgtable()`—fail. This results in a resource leak that could lead to memory exhaustion over time, particularly on systems with heavy accelerator workloads or frequent mapping failures. The vulnerability was resolved by ensuring proper cleanup paths are followed when these intermediate operations fail.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux systems with AMD XDNA AI accelerators (such as Ryzen AI or Instinct MI series with XDNA support), kernel developers maintaining accelerator drivers, and security teams tracking kernel memory safety issues.

Technical summary

The vulnerability is located in `drivers/accel/amdxdna/amdxdna_gem.c` in the `amdxdna_ubuf_map()` function. The function allocates `struct sg_table *sgt` and internal sg structures via `sg_alloc_table()`, but the error handling paths for `sg_alloc_table_from_pages()` and `dma_map_sgtable()` failures do not call `sg_free_table()` or `kfree(sgt)`, resulting in a memory leak. The fix adds proper cleanup by calling `sg_free_table()` and freeing `sgt` before returning error codes in these failure paths. This is a classic resource leak bug where allocation and deallocation paths are mismatched in error handling code.
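
The mismatched error paths described above, modelled in userspace C as an added example; this is not the kernel's code or the actual patch. Every name here (`model_sgt`, `t_alloc`, `map_leaky`, `map_fixed`, `leaked_after`) is a hypothetical stand-in, the injected failures are constructed, and the model assumes the table-allocation step leaves nothing of its own behind when it fails.

```c
#include <errno.h>
#include <stdlib.h>
/* Userspace model of the bug class; every name here is hypothetical. */
struct model_sgt { void *sgl; };             /* stands in for struct sg_table */
enum fail_at { FAIL_NONE, FAIL_TABLE, FAIL_DMA_MAP };
static int live_allocs;                      /* allocations not yet freed */
static void *t_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void t_free(void *p) { if (p) { live_allocs--; free(p); } }
/* Stand-ins for sg_alloc_table_from_pages(), sg_free_table(), dma_map_sgtable(). */
static int model_table_from_pages(struct model_sgt *sgt, enum fail_at f) {
    return (f != FAIL_TABLE && (sgt->sgl = t_alloc(64))) ? 0 : -ENOMEM;
}
static void model_free_table(struct model_sgt *sgt) { t_free(sgt->sgl); sgt->sgl = NULL; }
static int model_dma_map(enum fail_at f) { return f == FAIL_DMA_MAP ? -EIO : 0; }

/* Leaky shape: both error returns skip cleanup. */
static int map_leaky(enum fail_at f, struct model_sgt **out) {
    struct model_sgt *sgt = t_alloc(sizeof(*sgt));
    int ret;
    if (!sgt) return -ENOMEM;
    if ((ret = model_table_from_pages(sgt, f))) return ret;   /* leaks sgt */
    if ((ret = model_dma_map(f))) return ret;       /* leaks sgt and its list */
    *out = sgt;
    return 0;
}

/* Fixed shape: unwind in reverse order of acquisition. */
static int map_fixed(enum fail_at f, struct model_sgt **out) {
    struct model_sgt *sgt = t_alloc(sizeof(*sgt));
    int ret;
    if (!sgt) return -ENOMEM;
    if ((ret = model_table_from_pages(sgt, f))) goto free_sgt;
    if ((ret = model_dma_map(f))) goto free_table;
    *out = sgt;
    return 0;
free_table:
    model_free_table(sgt);
free_sgt:
    t_free(sgt);
    return ret;
}

/* Allocations still live after one call with the given injected failure. */
static int leaked_after(int (*map)(enum fail_at, struct model_sgt **), enum fail_at f) {
    struct model_sgt *sgt = NULL;
    live_allocs = 0;
    if (map(f, &sgt) == 0) { model_free_table(sgt); t_free(sgt); }
    return live_allocs;
}
```

Calling `leaked_after()` with each shape and each injected failure shows that the leak only appears on the failure paths, which is why it goes unnoticed until mappings fail repeatedly.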

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the fix commits once available through your distribution's security channel
  • Monitor for stable kernel releases backporting the fix to affected LTS branches
  • Review systems utilizing AMD XDNA accelerators for unusual memory consumption patterns
  • Consider enabling kernel memory leak detection (KMEMLEAK) on development/staging systems to catch similar issues
  • Track NVD entry for CVSS scoring once analysis is completed

Evidence notes

The CVE description and kernel commit references confirm the vulnerability is a memory leak in error handling paths within the AMD XDNA driver. The fix ensures allocated sg structures are properly freed when `sg_alloc_table_from_pages()` or `dma_map_sgtable()` return errors. No CVSS score or severity has been assigned by NVD as of the CVE publication date.
