PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45947 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's AMDGPU driver, specifically within the `amdgpu_acpi_enumerate_xcc()` function. When `amdgpu_acpi_dev_init()` returns `-ENOMEM` (indicating memory allocation failure), the function exits directly without freeing the previously allocated `xcc_info` structure, resulting in a resource leak. This issue was identified through prototype static analysis tooling and code review, with a fix implemented to ensure proper deallocation in error paths. The vulnerability affects kernel-level graphics driver operations and could contribute to memory exhaustion under error conditions. No CVSS score has been assigned; NVD status is 'Awaiting Analysis'.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators running kernels with AMDGPU driver support; organizations with AMD GPU deployments in server or workstation environments; kernel security teams tracking memory management defects

Technical summary

The `amdgpu_acpi_enumerate_xcc()` function in the Linux kernel's AMDGPU DRM driver allocates memory for an `xcc_info` structure. If a subsequent call to `amdgpu_acpi_dev_init()` fails with `-ENOMEM`, the function returns immediately without freeing the allocated `xcc_info`, causing a memory leak. The fix ensures proper cleanup of `xcc_info` in all error paths. Per the commit message, the fix is compile-tested only; discovery is attributed to prototype static analysis tooling and code review.
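The error-path shape described above, as a userspace C model added here for illustration; it is not the kernel's code or the upstream patch. `xcc_info_model`, `tracked_alloc`, `tracked_free`, `dev_init_model`, `enumerate_model` and `leaked_after` are hypothetical names, and an allocation counter stands in for a leak detector.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct xcc_info_model { int id; }; /* constructed stand-in; the real layout is not on the page */
static long live_allocs;           /* outstanding allocations, a crude stand-in for KMEMLEAK */

static void *tracked_alloc(size_t n) { void *p = calloc(1, n); live_allocs += (p != NULL); return p; }
static void tracked_free(void *p) { live_allocs -= (p != NULL); free(p); }

/* Hypothetical stub for amdgpu_acpi_dev_init(): returns -ENOMEM on request. */
static int dev_init_model(int fail) { return fail ? -ENOMEM : 0; }

/* Models the enumerate function: fixed=0 is the leaking shape, fixed=1 the corrected one. */
static int enumerate_model(int fail, int fixed)
{
    struct xcc_info_model *info = tracked_alloc(sizeof(*info));
    int ret;

    if (!info)
        return -ENOMEM;
    ret = dev_init_model(fail);
    if (ret == -ENOMEM) {
        if (fixed)
            tracked_free(info); /* the cleanup the direct return skipped */
        return ret;             /* fixed=0: the only pointer to info is lost here */
    }
    tracked_free(info); /* success path is not described on the page; freed to isolate the error path */
    return ret;
}

/* Drive the -ENOMEM path `rounds` times and report the allocations left behind. */
static long leaked_after(int fixed, int rounds)
{
    long before = live_allocs;

    while (rounds-- > 0)
        enumerate_model(1, fixed);
    return live_allocs - before;
}

int main(void)
{
    printf("leaky: %ld left, fixed: %ld left\n", leaked_after(0, 100), leaked_after(1, 100));
    return 0;
}
```

Each failed call in the leaking shape strands one allocation, so the loss grows linearly with the number of failures, which is why the defect matters most under sustained memory pressure.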

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable Linux kernel releases containing the fix commits
  • Monitor NVD for CVSS scoring and analysis updates once vulnerability assessment is completed
  • Review local kernel configurations for AMDGPU driver usage and prioritize patching on systems with AMD graphics hardware
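  • Consider enabling kernel memory debugging mechanisms in test environments to identify similar issues: KMEMLEAK reports unreferenced allocations such as this leak, while KASAN catches memory-safety errors such as out-of-bounds and use-after-free accesses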

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Fix commits identified in Linux kernel stable tree. Issue discovered via prototype static analysis tool and manual code review per CVE description. Vendor attribution to Linux kernel inferred from source code references; explicit vendor field marked as low-confidence 'Unknown Vendor' in source data.
