PatchSiren

CVE-2026-45954 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's au1200fb framebuffer driver. The flaw occurs in the `au1200fb_drv_probe()` function, where a direct return on `platform_get_irq()` failure bypasses necessary cleanup, causing allocated memory to leak. The fix replaces the direct return with a goto label to ensure proper resource cleanup on error paths. This vulnerability affects the fbdev au1200fb driver and was resolved via kernel patches.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running embedded Linux systems on AMD/Alchemy AU1200 SoCs that use the au1200fb framebuffer driver; kernel maintainers and Linux distribution security teams responsible for stable kernel updates.

Technical summary

The au1200fb framebuffer driver in the Linux kernel contains a memory leak vulnerability in its probe function. When `platform_get_irq()` fails during driver initialization, the original code returns directly without freeing previously allocated resources. The vulnerability is classified as a resource management issue affecting error handling paths. The fix introduces proper cleanup via goto labels to ensure all allocated memory is freed when initialization fails. This vulnerability is specific to the AMD/Alchemy AU1200 SoC framebuffer driver and requires local access to trigger during driver loading.
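
The error-path pattern described above, as an added userspace model in C. It is not the au1200fb source or the upstream patch: `model_alloc`, `model_get_irq`, `probe_leaky`, `probe_fixed` and the 8-slot pool are hypothetical stand-ins, used to show that each failed probe with a direct return keeps its allocation while the goto path releases it.

```c
/* Userspace model of the error-path leak; not the au1200fb source. */
#include <errno.h>
#include <stdio.h>
#define SLOTS 8                      /* constructed: tiny fixed-size "heap" */
static char slot_used[SLOTS];
static void *model_alloc(void)       /* stand-in for the probe's allocation */
{
    for (int i = 0; i < SLOTS; i++)
        if (!slot_used[i]) { slot_used[i] = 1; return &slot_used[i]; }
    return NULL;
}
static void model_free(void *p) { if (p) *(char *)p = 0; }
static int live_allocs(void)
{
    int n = 0;
    for (int i = 0; i < SLOTS; i++) n += slot_used[i];
    return n;
}
static int model_get_irq(int fail) { return fail ? -ENXIO : 5; } /* IRQ lookup stand-in */

static int probe_leaky(void **drvdata, int irq_fails)  /* "before" shape */
{
    void *fbi = model_alloc();
    if (!fbi) return -ENOMEM;
    int irq = model_get_irq(irq_fails);
    if (irq < 0)
        return irq;                  /* direct return: fbi is never released */
    *drvdata = fbi;                  /* success: the device now owns fbi */
    return 0;
}
static int probe_fixed(void **drvdata, int irq_fails)  /* "after" shape */
{
    void *fbi = model_alloc();
    if (!fbi) return -ENOMEM;
    int ret = model_get_irq(irq_fails);
    if (ret < 0)
        goto failed;                 /* failure goes through the cleanup label */
    *drvdata = fbi;
    return 0;
failed:
    model_free(fbi);
    return ret;
}
int main(void)
{
    void *d = NULL;
    for (int i = 0; i < 3; i++) { probe_leaky(&d, 1); probe_fixed(&d, 1); }
    printf("slots still held: %d\n", live_allocs());
    return 0;
}
```

In the model, repeated failed probes through the direct-return path exhaust the pool, after which even a probe with a working IRQ lookup fails with `-ENOMEM`.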

Defensive priority

low

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available from your Linux distribution
  • Monitor distribution security advisories for kernel package updates addressing CVE-2026-45954
  • Review systems using the au1200fb framebuffer driver on AMD/Alchemy AU1200 platforms
  • Consider disabling the au1200fb driver if not required for embedded/legacy hardware operation

Evidence notes

The vulnerability description indicates a memory leak in `au1200fb_drv_probe()` when `platform_get_irq()` fails, with the fix implemented via goto-based cleanup. Multiple stable kernel commits are referenced, suggesting backports to various kernel versions.
